1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

URL-parser: for file://[host]/ URLs, the [host] must be localhost

Previously, the [host] part was just ignored which made libcurl accept
strange URLs misleading users. like "file://etc/passwd" which might've
looked like it refers to "/etc/passwd" but is just "/passwd" since the
"etc" is an ignored host name.

Reported-by: Mike Crowe
Assisted-by: Kamil Dudka
This commit is contained in:
Daniel Stenberg 2016-11-11 08:09:04 +01:00
parent 8c15e0de6f
commit 346340808c

View File

@ -4068,33 +4068,38 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
* the URL protocols specified in RFC 1738 * the URL protocols specified in RFC 1738
*/ */
if(path[0] != '/') { if(path[0] != '/') {
/* the URL included a host name, we ignore host names in file:// URLs /* the URL includes a host name, it must match "localhost" or
as the standards don't define what to do with them */ "127.0.0.1" to be valid */
char *ptr=strchr(path, '/'); char *ptr;
if(ptr) { if(!checkprefix("localhost/", path) &&
/* there was a slash present !checkprefix("127.0.0.1/", path)) {
failf(data, "Valid host name with slash missing in URL");
RFC1738 (section 3.1, page 5) says: return CURLE_URL_MALFORMAT;
The rest of the locator consists of data specific to the scheme,
and is known as the "url-path". It supplies the details of how the
specified resource can be accessed. Note that the "/" between the
host (or port) and the url-path is NOT part of the url-path.
As most agents use file://localhost/foo to get '/foo' although the
slash preceding foo is a separator and not a slash for the path,
a URL as file://localhost//foo must be valid as well, to refer to
the same file with an absolute path.
*/
if(ptr[1] && ('/' == ptr[1]))
/* if there was two slashes, we skip the first one as that is then
used truly as a separator */
ptr++;
/* This cannot be made with strcpy, as the memory chunks overlap! */
memmove(path, ptr, strlen(ptr)+1);
} }
ptr = &path[9]; /* now points to the slash after the host */
/* there was a host name and slash present
RFC1738 (section 3.1, page 5) says:
The rest of the locator consists of data specific to the scheme,
and is known as the "url-path". It supplies the details of how the
specified resource can be accessed. Note that the "/" between the
host (or port) and the url-path is NOT part of the url-path.
As most agents use file://localhost/foo to get '/foo' although the
slash preceding foo is a separator and not a slash for the path,
a URL as file://localhost//foo must be valid as well, to refer to
the same file with an absolute path.
*/
if('/' == ptr[1])
/* if there was two slashes, we skip the first one as that is then
used truly as a separator */
ptr++;
/* This cannot be made with strcpy, as the memory chunks overlap! */
memmove(path, ptr, strlen(ptr)+1);
} }
protop = "file"; /* protocol string */ protop = "file"; /* protocol string */