From 04488851e291ea0fc3f32e87ea637afcf1c2ca28 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 19 Apr 2021 22:58:54 +0200
Subject: [PATCH] urlapi: make sure no +/- signs are accepted in IPv4 numericals
Follow-up to 56a037cc0ad1b2.
Extends test 1560 to verify.
Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917
---
 lib/urlapi.c | 6 +++++-
 tests/libtest/lib1560.c | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 340dc33df..6483208ec 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -686,7 +686,11 @@ static bool ipv4_normalize(const char *hostname, char *outp, size_t olen)
 while(!done) {
 char *endp;
- unsigned long l = strtoul(c, &endp, 0);
+ unsigned long l;
+ if((*c < '0') || (*c > '9'))
+ /* most importantly this doesn't allow a leading plus or minus */
+ return FALSE;
+ l = strtoul(c, &endp, 0);
 /* overflow or nothing parsed at all */
 if(((l == ULONG_MAX) && (errno == ERANGE)) || (endp == c))
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index a469b7a0c..3285df0eb 100644
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -331,6 +331,9 @@ static struct urltestcase get_url_list[] = {
 {"https://0xff.0xff.0377.255", "https://255.255.255.255/", 0, 0, CURLUE_OK},
 {"https://1.0xffffff", "https://1.255.255.255/", 0, 0, CURLUE_OK},
 /* IPv4 numerical overflows or syntax errors will not normalize */
+{"https://+127.0.0.1", "https://+127.0.0.1/", 0, 0, CURLUE_OK},
+{"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_OK},
+{"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_MALFORMED_INPUT},
 {"https://1.0x1000000", "https://1.0x1000000/", 0, 0, CURLUE_OK},
 {"https://1.2.3.256", "https://1.2.3.256/", 0, 0, CURLUE_OK},
 {"https://1.2.3.4.5", "https://1.2.3.4.5/", 0, 0, CURLUE_OK},
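Review bot: With the new leading-digit guard in place, the `endp == c` half of the condition on the following line can no longer be true, because strtoul() with base 0 always consumes at least the digit the guard just verified; either drop that half or reword `/* overflow or nothing parsed at all */` so it stops promising a case that is now unreachable. The added comment names only the sign problem, but the guard is also what keeps strtoul()'s own leading-whitespace skipping out of the parse, so `/* strtoul() would otherwise skip leading whitespace and accept a sign */` documents both reasons for the check. errno is not set to 0 anywhere visible in this hunk; if ipv4_normalize does not clear it before the loop, the ERANGE test reads whatever an earlier call left behind, although that only changes the outcome when l happens to equal ULONG_MAX. The body of ipv4_normalize continues outside the hunk.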
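Review bot: The third new entry, `{"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_MALFORMED_INPUT}`, sits under the comment `/* IPv4 numerical overflows or syntax errors will not normalize */` but does not describe a pass-through case: it expects a hard error, presumably because of the space in the host rather than the sign check this commit adds, and its expected-URL field is then likely never compared. A one-line comment on that entry, such as `/* the space makes the host invalid before IPv4 normalization runs */`, would stop a reader from concluding that the normalizer turned "127.0. 1" into 127.0.0.1. The two sign cases cover a leading plus and an embedded minus only; a leading-minus entry like `{"https://-127.0.0.1", "https://-127.0.0.1/", 0, 0, CURLUE_OK}` would pin the remaining branch of the guard.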