diff --git a/lib/urlapi-int.h b/lib/urlapi-int.h index 75a360542..5f059c203 100644 --- a/lib/urlapi-int.h +++ b/lib/urlapi-int.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,9 +22,8 @@ * ***************************************************************************/ #include "curl_setup.h" -/* scheme is not URL encoded, the longest libcurl supported ones are 6 - letters */ -#define MAX_SCHEME_LEN 8 +/* scheme is not URL encoded, the longest libcurl supported ones are... */ +#define MAX_SCHEME_LEN 40 bool Curl_is_absolute_url(const char *url, char *scheme, size_t buflen); char *Curl_concat_url(const char *base, const char *relurl); diff --git a/lib/urlapi.c b/lib/urlapi.c index 3fef2fcf7..d07e4f5df 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -652,7 +652,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) char *fragment = NULL; CURLUcode result; bool url_has_scheme = FALSE; - char schemebuf[MAX_SCHEME_LEN]; + char schemebuf[MAX_SCHEME_LEN + 1]; char *schemep = NULL; size_t schemelen = 0; size_t urllen; @@ -1217,6 +1217,9 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, switch(what) { case CURLUPART_SCHEME: + if(strlen(part) > MAX_SCHEME_LEN) + /* too long */ + return CURLUE_MALFORMED_INPUT; if(!(flags & CURLU_NON_SUPPORT_SCHEME) && /* verify that it is a fine scheme */ !Curl_builtin_scheme(part)) @@ -1279,7 +1282,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, char *redired_url; CURLU *handle2; - if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN)) { + if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN + 1)) { handle2 = curl_url(); if(!handle2) return CURLUE_OUT_OF_MEMORY;