1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 15:48:49 -05:00

parse_proxy: bail out on zero-length proxy names!

The proxy parser function strips off trailing slashes off the proxy name
which could lead to a mistaken zero length proxy name which would be
treated as no proxy at all by subsequent functions!

This is now detected and an error is returned. Verified by the new test
1329.

Reported by: Chandrakant Bagul
Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html
This commit is contained in:
Daniel Stenberg 2012-02-10 16:26:20 +01:00
parent ebf3138992
commit ecc93caaeb
3 changed files with 41 additions and 2 deletions

View File

@ -4271,11 +4271,20 @@ static CURLcode parse_proxy(struct SessionHandle *data,
conn->port = strtol(prox_portno, NULL, 10);
}
else {
if(proxyptr[0]=='/') {
/* If the first character in the proxy string is a slash, fail
immediately. The following code will otherwise clear the string which
will lead to code running as if no proxy was set! */
free(proxy); /* free the former proxy string */
return CURLE_COULDNT_RESOLVE_PROXY;
}
/* without a port number after the host name, some people seem to use
a slash so we strip everything from the first slash */
atsign = strchr(proxyptr, '/');
if(atsign)
if(atsign) {
*atsign = 0x0; /* cut off path part from host name */
}
if(data->set.proxyport)
/* None given in the proxy string, then get the default one if it is

View File

@ -82,7 +82,7 @@ test1220 \
test1300 test1301 test1302 test1303 test1304 test1305 \
test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
test1322 test1323 test1324 test1325 test1326 test1327 test1328 \
test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 \
test2000 test2001 test2002 test2003 test2004
EXTRA_DIST = $(TESTCASES) DISABLED

30
tests/data/test1329 Normal file
View File

@ -0,0 +1,30 @@
<testcase>
<info>
<keywords>
HTTP proxy
</keywords>
</info>
#
# Client-side
<client>
<server>
http
</server>
<name>
/-prefixed proxy name
</name>
<command>
http://%HOSTIP:%HTTPPORT/we/want/that/page/1329 -x "/server"
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
# 5 == CURLE_COULDNT_RESOLVE_PROXY
<errorcode>
5
</errorcode>
</verify>
</testcase>