romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-30 11:27:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

hsts: remove assert for zero length domain

Browse source 
A zero length domain can happen if the HSTS parser is given invalid
input data which is not unheard of and is done by the fuzzer.

Follow-up from cfe7902111

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661

Closes #12676
This commit is contained in:
Daniel Stenberg 2024-01-10 09:46:19 +01:00
parent a9e128d569
commit 24ae4a07f3
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 14 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

32
lib/hsts.c
View file

@ -117,8 +117,6 @@ static CURLcode hsts_create(struct hsts *h,
bool subdomains,
curl_off_t expires)
{
struct stsentry *sts;
char *duphost;
size_t hlen;
DEBUGASSERT(h);
DEBUGASSERT(hostname);
@ -127,25 +125,23 @@ static CURLcode hsts_create(struct hsts *h,
if(hlen && (hostname[hlen - 1] == '.'))
/* strip off any trailing dot */
--hlen;
DEBUGASSERT(hlen);
if(!hlen)
/* no host name left */
return CURLE_BAD_FUNCTION_ARGUMENT;
if(hlen) {
char *duphost;
struct stsentry *sts = hsts_entry();
if(!sts)
return CURLE_OUT_OF_MEMORY;
sts = hsts_entry();
if(!sts)
return CURLE_OUT_OF_MEMORY;
duphost = Curl_memdup0(hostname, hlen);
if(!duphost) {
free(sts);
return CURLE_OUT_OF_MEMORY;
}
duphost = Curl_memdup0(hostname, hlen);
if(!duphost) {
free(sts);
return CURLE_OUT_OF_MEMORY;
sts->host = duphost;
sts->expires = expires;
sts->includeSubDomains = subdomains;
Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
}
sts->host = duphost;
sts->expires = expires;
sts->includeSubDomains = subdomains;
Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
return CURLE_OK;
}