romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-21 22:05:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

url-parsing: reject CRLFs within URLs

Browse source 
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
This commit is contained in:
Daniel Stenberg 2014-12-25 23:55:03 +01:00
parent f7d5ecec9c
commit 178bd7db34
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/url.c
View file

@ -3842,6 +3842,13 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
*prot_missing = FALSE;
/* We might pass the entire URL into the request so we need to make sure
* there are no bad characters in there.*/
if(strpbrk(data->change.url, "\r\n")) {
failf(data, "Illegal characters found in URL");
return CURLE_URL_MALFORMAT;
}
/*************************************************************
* Parse the URL.
*