
parse_proxy: reject illegal port numbers

If the port number in the proxy string ended weirdly or the number is
too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
numerical address is used without enclosing brackets.

Also mention the bracket requirement for IPv6 numerical addresses in the
man page for CURLOPT_PROXY.

Closes #415

Reported-by: Marcel Raad
Daniel Stenberg 2015-09-08 13:42:48 +02:00
parent 27620171ff
commit 87e533ace0
2 changed files with 18 additions and 4 deletions


@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@ -29,8 +29,8 @@ CURLOPT_PROXY \- set proxy to use
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY, char *proxy);
.SH DESCRIPTION
Set the \fIproxy\fP to use for the upcoming request. The parameter should be a
char * to a zero terminated string holding the host name or dotted IP
address.
char * to a zero terminated string holding the host name or dotted numerical
IP address. A numerical IPv6 address must be written within [brackets].
To specify port number in this string, append :[port] to the end of the host
name. The proxy's port number may optionally be specified with the separate


@ -4640,10 +4640,24 @@ static CURLcode parse_proxy(struct SessionHandle *data,
/* Get port number off proxy.server.com:1080 */
prox_portno = strchr(portptr, ':');
if(prox_portno) {
char *endp = NULL;
long port = 0;
*prox_portno = 0x0; /* cut off number from host name */
prox_portno ++;
/* now set the local port number */
conn->port = strtol(prox_portno, NULL, 10);
port = strtol(prox_portno, &endp, 10);
if((endp && *endp && (*endp != '/') && (*endp != ' ')) ||
(port >= 65536) ) {
/* meant to detect for example invalid IPv6 numerical addresses without
brackets: "2a00:fac0:a000::7:13". Accept a trailing slash only
because we then allow "URL style" with the number followed by a
slash, used in curl test cases already. Space is also an acceptable
terminating symbol. */
infof(data, "No valid port number in proxy string (%s)\n",
prox_portno);
}
else
conn->port = port;
}
else {
if(proxyptr[0]=='/')
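Review bot: The range test `(port >= 65536)` has no lower bound, so a signed value such as `host:-1` passes both conditions and `conn->port = port;` stores a negative number, because `strtol` skips leading whitespace and accepts a sign. Adding `(port < 0) ||` in front of the upper-bound test would close that gap. A string with no digits after the colon (`endp == prox_portno`, for example a trailing `:`) is also accepted and yields port 0, which may not be intended. On the rejected path the host name has already been cut at the first colon and only `infof` is called, so for the unbracketed IPv6 example in the comment the code appears to continue with a truncated host name rather than bail out. Whether an error is returned later cannot be seen here, since parse_proxy starts and ends outside this hunk.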