URL-parser: for file://[host]/ URLs, the [host] must be localhost
Previously, the [host] part was simply ignored, which made libcurl accept strange URLs that could mislead users, such as "file://etc/passwd", which might have looked like it refers to "/etc/passwd" but is really just "/passwd" since the "etc" is an ignored host name. Reported-by: Mike Crowe Assisted-by: Kamil Dudka
parent
8c15e0de6f
commit
346340808c
57
lib/url.c
57
lib/url.c
@ -4068,33 +4068,38 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
|
|||||||
* the URL protocols specified in RFC 1738
|
* the URL protocols specified in RFC 1738
|
||||||
*/
|
*/
|
||||||
if(path[0] != '/') {
|
if(path[0] != '/') {
|
||||||
/* the URL included a host name, we ignore host names in file:// URLs
|
/* the URL includes a host name, it must match "localhost" or
|
||||||
as the standards don't define what to do with them */
|
"127.0.0.1" to be valid */
|
||||||
char *ptr=strchr(path, '/');
|
char *ptr;
|
||||||
if(ptr) {
|
if(!checkprefix("localhost/", path) &&
|
||||||
/* there was a slash present
|
!checkprefix("127.0.0.1/", path)) {
|
||||||
|
failf(data, "Valid host name with slash missing in URL");
|
||||||
RFC1738 (section 3.1, page 5) says:
|
return CURLE_URL_MALFORMAT;
|
||||||
|
|
||||||
The rest of the locator consists of data specific to the scheme,
|
|
||||||
and is known as the "url-path". It supplies the details of how the
|
|
||||||
specified resource can be accessed. Note that the "/" between the
|
|
||||||
host (or port) and the url-path is NOT part of the url-path.
|
|
||||||
|
|
||||||
As most agents use file://localhost/foo to get '/foo' although the
|
|
||||||
slash preceding foo is a separator and not a slash for the path,
|
|
||||||
a URL as file://localhost//foo must be valid as well, to refer to
|
|
||||||
the same file with an absolute path.
|
|
||||||
*/
|
|
||||||
|
|
||||||
if(ptr[1] && ('/' == ptr[1]))
|
|
||||||
/* if there was two slashes, we skip the first one as that is then
|
|
||||||
used truly as a separator */
|
|
||||||
ptr++;
|
|
||||||
|
|
||||||
/* This cannot be made with strcpy, as the memory chunks overlap! */
|
|
||||||
memmove(path, ptr, strlen(ptr)+1);
|
|
||||||
}
|
}
|
||||||
|
ptr = &path[9]; /* now points to the slash after the host */
|
||||||
|
|
||||||
|
/* there was a host name and slash present
|
||||||
|
|
||||||
|
RFC1738 (section 3.1, page 5) says:
|
||||||
|
|
||||||
|
The rest of the locator consists of data specific to the scheme,
|
||||||
|
and is known as the "url-path". It supplies the details of how the
|
||||||
|
specified resource can be accessed. Note that the "/" between the
|
||||||
|
host (or port) and the url-path is NOT part of the url-path.
|
||||||
|
|
||||||
|
As most agents use file://localhost/foo to get '/foo' although the
|
||||||
|
slash preceding foo is a separator and not a slash for the path,
|
||||||
|
a URL as file://localhost//foo must be valid as well, to refer to
|
||||||
|
the same file with an absolute path.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if('/' == ptr[1])
|
||||||
|
/* if there was two slashes, we skip the first one as that is then
|
||||||
|
used truly as a separator */
|
||||||
|
ptr++;
|
||||||
|
|
||||||
|
/* This cannot be made with strcpy, as the memory chunks overlap! */
|
||||||
|
memmove(path, ptr, strlen(ptr)+1);
|
||||||
}
|
}
|
||||||
|
|
||||||
protop = "file"; /* protocol string */
|
protop = "file"; /* protocol string */
|
||||||
|
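Review bot: `ptr = &path[9];` in the new host check only works because both accepted prefixes, "localhost" and "127.0.0.1", happen to be exactly nine characters long, and nothing in the code ties the index to the strings tested just above it. If another host spelling is accepted later, the offset would silently land inside the host or the path, and the following `memmove` would yield a different local file than the URL names. Derive the offset from the matched prefix, or at least document the coupling with a comment such as `/* both accepted host names are 9 chars, so path[9] is the '/' after the host */`. The `failf` text "Valid host name with slash missing in URL" could also name the two accepted hosts, so that a user who typed `file://etc/passwd` can see why it was refused. The body of parseurlandfillconn continues outside the hunk.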