From e8f85cba0f8c19369d39b1c6616dc51dae1dd179 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 14 Oct 2004 13:44:54 +0000 Subject: [PATCH] Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user name and password fields properly in URLs, like ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix. --- CHANGES | 5 +++++ RELEASE-NOTES | 5 ++++- TODO-RELEASE | 2 -- lib/url.c | 31 ++++++++++++++++++++++++------- tests/data/Makefile.am | 2 +- tests/data/test191 | 33 +++++++++++++++++++++++++++++++++ 6 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 tests/data/test191 diff --git a/CHANGES b/CHANGES index 4272f3ec3..4f5850241 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,11 @@ Changelog +Daniel (14 October 2004) +- Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user + name and password fields properly in URLs, like + ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix. + Daniel (11 October 2004) - libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or later is one) to inhibit the SIGPIPE signal when writing to a socket while diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 1c82b8118..8611f70cc 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -21,6 +21,7 @@ This release includes the following changes: This release includes the following bugfixes: + o URLs with ?-letters in the user name or password fields o libcurl error message is now provided when send() fails o no more SIGPIPE on Mac OS X and other SO_NOSIGPIPE-supporting platforms o HTTP resume was refused if redirected @@ -61,6 +62,8 @@ Other curl-related news since the previous public release: o tclcurl version 0.12.1 http://personal1.iddeo.es/andresgarci/tclcurl/english/ o libcurl.NET was announce: http://www.seasideresearch.com/downloads.html + o Get your fresh Mozilla-extracted ca cert bundle here: + http://curl.haxx.se/docs/caextract.html This release would not have looked like this without help, code, reports and advice from friends like these: @@ -71,6 +74,6 @@ advice from friends like these: Jean-Claude Chauve, Dan Fandrich, Peter Sylvester, "Mekonikum", Jean-Philippe Barrette-LaPierre, Günter Knauf, Larry Campbell, Fedor Karpelevitch, Aleksandar Milivojevic, Gisle Vanem, Chris "Bob Bob", Chih-Chung Chang, - Andy Cedilnik, Alan Pinstein + Andy Cedilnik, Alan Pinstein, Eric Vergnaud Thanks! (and sorry if I forgot to mention someone) diff --git a/TODO-RELEASE b/TODO-RELEASE index 90138c625..5ce661fb0 100644 --- a/TODO-RELEASE +++ b/TODO-RELEASE @@ -5,8 +5,6 @@ To get fixed in 7.12.2 (planned release: mid October 2004) 50 - threaded windows resolver problem reported by Traian Nicolescu -51 - ?-letters in user name or password in ftp:// URLs - To get fixed in 7.12.3 (planned release: December 2004) ====================== diff --git a/lib/url.c b/lib/url.c index db7cf2ab5..e84d05489 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2175,6 +2175,7 @@ static CURLcode CreateConnection(struct SessionHandle *data, bool *async) { char *tmp; + char *at; CURLcode result=CURLE_OK; struct connectdata *conn; struct connectdata *conn_temp; @@ -2349,13 +2350,8 @@ static CURLcode CreateConnection(struct SessionHandle *data, /* Set default path */ strcpy(conn->path, "/"); - /* We need to search for '/' OR '?' - whichever comes first after host - * name but before the path. We need to change that to handle things like - * http://example.com?param= (notice the missing '/'). Later we'll insert - * that missing slash at the beginning of the path. - */ if (2 > sscanf(data->change.url, - "%15[^\n:]://%[^\n/?]%[^\n]", + "%15[^\n:]://%[^\n/]%[^\n]", conn->protostr, conn->host.name, conn->path)) { @@ -2363,7 +2359,7 @@ static CURLcode CreateConnection(struct SessionHandle *data, * The URL was badly formatted, let's try the browser-style _without_ * protocol specified like 'http://'. */ - if((1 > sscanf(data->change.url, "%[^\n/?]%[^\n]", + if((1 > sscanf(data->change.url, "%[^\n/]%[^\n]", conn->host.name, conn->path)) ) { /* * We couldn't even get this format. @@ -2404,6 +2400,27 @@ static CURLcode CreateConnection(struct SessionHandle *data, } } + /* We search for '?' in the host name (but only on the right side of a + * @-letter to allow ?-letters in username and password) to handle things + * like http://example.com?param= (notice the missing '/'). + */ + at = strchr(conn->host.name, '@'); + if(at) + tmp = strchr(at+1, '?'); + else + tmp = strchr(conn->host.name, '?'); + + if(tmp) { + /* The right part of the ?-letter needs to be moved to prefix + the current path buffer! */ + size_t len = strlen(tmp); + /* move the existing path plus the zero byte */ + memmove(conn->path+len+1, conn->path, strlen(conn->path)+1); + conn->path[0]='/'; /* prepend the missing slash */ + memcpy(conn->path+1, tmp, len); /* now copy the prefix part */ + *tmp=0; /* now cut off the hostname at the ? */ + } + /* If the URL is malformatted (missing a '/' after hostname before path) we * insert a slash here. The only letter except '/' we accept to start a path * is '?'. diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 7a00695c0..3a317ea59 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -26,7 +26,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ test512 test165 test166 test167 test168 test169 test170 test171 \ test172 test204 test205 test173 test174 test175 test176 test177 \ test513 test514 test178 test179 test180 test181 test182 test183 \ - test184 test185 test186 test187 test188 test189 + test184 test185 test186 test187 test188 test189 test191 # The following tests have been removed from the dist since they no longer # work. We need to fix the test suite's FTPS server first, then bring them diff --git a/tests/data/test191 b/tests/data/test191 new file mode 100644 index 000000000..c3baf57bc --- /dev/null +++ b/tests/data/test191 @@ -0,0 +1,33 @@ +# Server-side + + +data in file + + + +# Client-side + + +ftp + + +FTP URL with ?-letters in username and password + + +"ftp://use?r:pass?word@%HOSTIP:%FTPPORT/191" + + + +# Verify data after the test has been "shot" + + +USER use?r +PASS pass?word +PWD +EPSV +TYPE I +SIZE 191 +RETR 191 +QUIT + +