Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user name

and password fields properly in URLs, like ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix.
2024-12-21 23:58:49 -05:00 · 2004-10-14 13:44:54 +00:00 · 2004-10-14 13:44:54 +00:00 · e8f85cba0f
commit e8f85cba0f
parent 1aba99b1e7
6 changed files with 67 additions and 11 deletions
--- a/5
+++ b/5
@ -6,6 +6,11 @@
                                  Changelog
 Daniel (14 October 2004)
 - Eric Vergnaud pointed out that libcurl didn't treat ?-letters in the user
  name and password fields properly in URLs, like
  ftp://us?er:pass?word@site.com/. Added test 191 to verify the fix.
 Daniel (11 October 2004)
 - libcurl now uses SO_NOSIGPIPE for systems that support it (Mac OS X 10.2 or
  later is one) to inhibit the SIGPIPE signal when writing to a socket while
--- a/5
+++ b/5
@ -21,6 +21,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
 o URLs with ?-letters in the user name or password fields
 o libcurl error message is now provided when send() fails
 o no more SIGPIPE on Mac OS X and other SO_NOSIGPIPE-supporting platforms
 o HTTP resume was refused if redirected
@ -61,6 +62,8 @@ Other curl-related news since the previous public release:
 o tclcurl version 0.12.1
   http://personal1.iddeo.es/andresgarci/tclcurl/english/
 o libcurl.NET was announce: http://www.seasideresearch.com/downloads.html
 o Get your fresh Mozilla-extracted ca cert bundle here:
   http://curl.haxx.se/docs/caextract.html
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
@ -71,6 +74,6 @@ advice from friends like these:
 Jean-Claude Chauve, Dan Fandrich, Peter Sylvester, "Mekonikum", Jean-Philippe
 Barrette-LaPierre, Günter Knauf, Larry Campbell, Fedor Karpelevitch,
 Aleksandar Milivojevic, Gisle Vanem, Chris "Bob Bob", Chih-Chung Chang,
- Andy Cedilnik, Alan Pinstein
+ Andy Cedilnik, Alan Pinstein, Eric Vergnaud 
        Thanks! (and sorry if I forgot to mention someone)
--- a/2
+++ b/2
@ -5,8 +5,6 @@ To get fixed in 7.12.2 (planned release: mid October 2004)
 50 - threaded windows resolver problem reported by Traian Nicolescu
 51 - ?-letters in user name or password in ftp:// URLs
 To get fixed in 7.12.3 (planned release: December 2004)
 ======================
--- a/lib/url.c
+++ b/lib/url.c
@ -2175,6 +2175,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
                                 bool *async)
 {
  char *tmp;
  char *at;
  CURLcode result=CURLE_OK;
  struct connectdata *conn;
  struct connectdata *conn_temp;
@ -2349,13 +2350,8 @@ static CURLcode CreateConnection(struct SessionHandle *data,
    /* Set default path */
    strcpy(conn->path, "/");
    /* We need to search for '/' OR '?' - whichever comes first after host
     * name but before the path. We need to change that to handle things like
     * http://example.com?param= (notice the missing '/'). Later we'll insert
     * that missing slash at the beginning of the path.
     */
    if (2 > sscanf(data->change.url,
-                   "%15[^\n:]://%[^\n/?]%[^\n]",
+                   "%15[^\n:]://%[^\n/]%[^\n]",
                   conn->protostr,
                   conn->host.name, conn->path)) {
@ -2363,7 +2359,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
       * The URL was badly formatted, let's try the browser-style _without_
       * protocol specified like 'http://'.
       */
-      if((1 > sscanf(data->change.url, "%[^\n/?]%[^\n]",
+      if((1 > sscanf(data->change.url, "%[^\n/]%[^\n]",
                     conn->host.name, conn->path)) ) {
        /*
         * We couldn't even get this format.
@ -2404,6 +2400,27 @@ static CURLcode CreateConnection(struct SessionHandle *data,
    }
  }
  /* We search for '?' in the host name (but only on the right side of a
   * @-letter to allow ?-letters in username and password) to handle things
   * like http://example.com?param= (notice the missing '/').
   */
  at = strchr(conn->host.name, '@');
  if(at)
    tmp = strchr(at+1, '?');
  else
    tmp = strchr(conn->host.name, '?');
  if(tmp) {
    /* The right part of the ?-letter needs to be moved to prefix
       the current path buffer! */
    size_t len = strlen(tmp);
    /* move the existing path plus the zero byte */
    memmove(conn->path+len+1, conn->path, strlen(conn->path)+1);
    conn->path[0]='/'; /* prepend the missing slash */
    memcpy(conn->path+1, tmp, len); /* now copy the prefix part */
    *tmp=0; /* now cut off the hostname at the ? */
  }
  /* If the URL is malformatted (missing a '/' after hostname before path) we
   * insert a slash here. The only letter except '/' we accept to start a path
   * is '?'.
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@ -26,7 +26,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	\
 test512 test165 test166 test167 test168 test169 test170 test171	\
 test172 test204 test205 test173 test174 test175 test176 test177	\
 test513 test514 test178 test179 test180 test181 test182 test183	\
- test184 test185 test186 test187 test188 test189
+ test184 test185 test186 test187 test188 test189 test191
 # The following tests have been removed from the dist since they no longer
 # work. We need to fix the test suite's FTPS server first, then bring them
--- a/tests/data/test191
+++ b/tests/data/test191
@ -0,0 +1,33 @@
 # Server-side
 <reply>
 <data>
 data in file
 </data>
 </reply>
 # Client-side
 <client>
 <server>
 ftp
 </server>
 <name>
 FTP URL with ?-letters in username and password 
 </name>
 <command>
 "ftp://use?r:pass?word@%HOSTIP:%FTPPORT/191"
 </command>
 </test>
 # Verify data after the test has been "shot"
 <verify>
 <protocol>
 USER use?r
 PASS pass?word
 PWD
 EPSV
 TYPE I
 SIZE 191
 RETR 191
 QUIT
 </protocol>
 </verify>