romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-17 20:56:22 +03:00
Code Issues Projects Releases Packages Wiki Activity

urlapi: reject percent-decoding host name into separator bytes

Browse source 
CVE-2022-27780

Reported-by: Axel Chong
Bug: https://curl.se/docs/CVE-2022-27780.html
Closes #8826
This commit is contained in:
Daniel Stenberg 2022-05-09 08:19:38 +02:00
parent 5c7da89d40
commit 914aaab915
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/urlapi.c
View file

@ -678,8 +678,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
#endif
}
else {
/* letters from the second string is not ok */
len = strcspn(hostname, " \r\n");
/* letters from the second string are not ok */
len = strcspn(hostname, " \r\n\t/:#?!@");
if(hlen != len)
/* hostname with bad content */
return CURLUE_BAD_HOSTNAME;