From ecc93caaebe4d7c0168cedd99c3a6c42f7db9666 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 10 Feb 2012 16:26:20 +0100 Subject: [PATCH] parse_proxy: bail out on zero-length proxy names! The proxy parser function strips off trailing slashes off the proxy name which could lead to a mistaken zero length proxy name which would be treated as no proxy at all by subsequent functions! This is now detected and an error is returned. Verified by the new test 1329. Reported by: Chandrakant Bagul Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html --- lib/url.c | 11 ++++++++++- tests/data/Makefile.am | 2 +- tests/data/test1329 | 30 ++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 tests/data/test1329 diff --git a/lib/url.c b/lib/url.c index b3040b26d..d0e0eaeb2 100644 --- a/lib/url.c +++ b/lib/url.c @@ -4271,11 +4271,20 @@ static CURLcode parse_proxy(struct SessionHandle *data, conn->port = strtol(prox_portno, NULL, 10); } else { + if(proxyptr[0]=='/') { + /* If the first character in the proxy string is a slash, fail + immediately. The following code will otherwise clear the string which + will lead to code running as if no proxy was set! */ + free(proxy); /* free the former proxy string */ + return CURLE_COULDNT_RESOLVE_PROXY; + } + /* without a port number after the host name, some people seem to use a slash so we strip everything from the first slash */ atsign = strchr(proxyptr, '/'); - if(atsign) + if(atsign) { *atsign = 0x0; /* cut off path part from host name */ + } if(data->set.proxyport) /* None given in the proxy string, then get the default one if it is diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index a9391c702..40ebf252c 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -82,7 +82,7 @@ test1220 \ test1300 test1301 test1302 test1303 test1304 test1305 \ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \ test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \ -test1322 test1323 test1324 test1325 test1326 test1327 test1328 \ +test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 \ test2000 test2001 test2002 test2003 test2004 EXTRA_DIST = $(TESTCASES) DISABLED diff --git a/tests/data/test1329 b/tests/data/test1329 new file mode 100644 index 000000000..3d2d0cb6c --- /dev/null +++ b/tests/data/test1329 @@ -0,0 +1,30 @@ + + + +HTTP proxy + + + +# +# Client-side + + +http + + +/-prefixed proxy name + + +http://%HOSTIP:%HTTPPORT/we/want/that/page/1329 -x "/server" + + + +# +# Verify data after the test has been "shot" + +# 5 == CURLE_COULDNT_RESOLVE_PROXY + +5 + + +