URL: only accept ";options" in SMTP/POP3/IMAP URL schemes

Fixes #1252
2024-12-21 15:48:49 -05:00 · 2017-02-10 10:50:19 +01:00 · 2017-02-10 10:50:19 +01:00 · c5c4e816b4
commit c5c4e816b4
parent 7017c421a1
7 changed files with 73 additions and 14 deletions
--- a/lib/imap.c
+++ b/lib/imap.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -130,7 +130,8 @@ const struct Curl_handler Curl_handler_imap = {
  ZERO_NULL,                        /* readwrite */
  PORT_IMAP,                        /* defport */
  CURLPROTO_IMAP,                   /* protocol */
-  PROTOPT_CLOSEACTION               /* flags */
+  PROTOPT_CLOSEACTION|              /* flags */
+  PROTOPT_URLOPTIONS
 };

 #ifdef USE_SSL
--- a/lib/pop3.c
+++ b/lib/pop3.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -127,7 +127,8 @@ const struct Curl_handler Curl_handler_pop3 = {
  ZERO_NULL,                        /* readwrite */
  PORT_POP3,                        /* defport */
  CURLPROTO_POP3,                   /* protocol */
-  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
+  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */
+  PROTOPT_URLOPTIONS
 };

 #ifdef USE_SSL
@ -153,7 +154,7 @@ const struct Curl_handler Curl_handler_pop3s = {
  PORT_POP3S,                       /* defport */
  CURLPROTO_POP3S,                  /* protocol */
  PROTOPT_CLOSEACTION | PROTOPT_SSL
-  | PROTOPT_NOURLQUERY              /* flags */
+  | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */
 };
 #endif

--- a/lib/smtp.c
+++ b/lib/smtp.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -126,7 +126,8 @@ const struct Curl_handler Curl_handler_smtp = {
  ZERO_NULL,                        /* readwrite */
  PORT_SMTP,                        /* defport */
  CURLPROTO_SMTP,                   /* protocol */
-  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
+  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */
+  PROTOPT_URLOPTIONS
 };

 #ifdef USE_SSL
@ -152,7 +153,7 @@ const struct Curl_handler Curl_handler_smtps = {
  PORT_SMTPS,                       /* defport */
  CURLPROTO_SMTPS,                  /* protocol */
  PROTOPT_CLOSEACTION | PROTOPT_SSL
-  | PROTOPT_NOURLQUERY              /* flags */
+  | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */
 };
 #endif

--- a/lib/url.c
+++ b/lib/url.c
@ -4613,6 +4613,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
    data->change.url_alloc = TRUE; /* free this later */
  }

+  result = findprotocol(data, conn, protop);
+  if(result)
+    return result;
+
  /*
   * Parse the login details from the URL and strip them out of
   * the host name
@ -4699,8 +4703,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
   *   conn->host.name is B
   *   data->state.path is /C
   */
-
-  return findprotocol(data, conn, protop);
+  return CURLE_OK;
 }

 /*
@ -5206,6 +5209,7 @@ static CURLcode parse_url_login(struct Curl_easy *data,
  DEBUGASSERT(!**user);
  DEBUGASSERT(!**passwd);
  DEBUGASSERT(!**options);
+  DEBUGASSERT(conn->handler);

  if(!ptr)
    goto out;
@ -5224,9 +5228,12 @@ static CURLcode parse_url_login(struct Curl_easy *data,
  if(data->set.use_netrc == CURL_NETRC_REQUIRED)
    goto out;

-  /* We could use the login information in the URL so extract it */
+  /* We could use the login information in the URL so extract it. Only parse
+     options if the handler says we should. */
  result = parse_login_details(login, ptr - login - 1,
-                               &userp, &passwdp, &optionsp);
+                               &userp, &passwdp,
+                               (conn->handler->flags & PROTOPT_URLOPTIONS)?
+                               &optionsp:NULL);
  if(result)
    goto out;

--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -845,6 +845,8 @@ struct Curl_handler {
                                          request instead of per connection */
 #define PROTOPT_ALPN_NPN (1<<8) /* set ALPN and/or NPN for this */
 #define PROTOPT_STREAM (1<<9) /* a protocol with individual logical streams */
+#define PROTOPT_URLOPTIONS (1<<10) /* allow options part in the userinfo field
+                                      of the URL */

 /* return the count of bytes sent, or -1 on error */
 typedef ssize_t (Curl_send)(struct connectdata *conn, /* connection data */
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@ -128,7 +128,7 @@ test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 \
 test1228 test1229 test1230 test1231 test1232 test1233 test1234 test1235 \
 test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \
 test1244 test1245 test1246 test1247 test1248 test1249 test1250 test1251 \
-test1252 test1253 test1254 test1255 test1256 test1257 test1258 \
+test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
 \
 test1280 test1281 test1282 \
 \
--- a/tests/data/test1259
+++ b/tests/data/test1259
@ -0,0 +1,47 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.0 200 OK swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Type: text/html
+Set-Cookie: I-am=here; domain=localhost;
+
+boo
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP URL with semicolon in password
+ </name>
+ <command>
+"http://user:pass;word@%HOSTIP:%HTTPPORT/we/want/1259"
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /we/want/1259 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic dXNlcjpwYXNzO3dvcmQ=
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>