From a8e6f90a6980a70839823b7fe5f6e0faeeec4833 Mon Sep 17 00:00:00 2001
From: tiymat <138939221+tiymat@users.noreply.github.com>
Date: Tue, 26 May 2026 22:35:27 -0230
Subject: [PATCH] urlapi: forbid '|' in host

Closes #21762
---
 lib/urlapi.c            | 2 +-
 tests/libtest/lib1560.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/urlapi.c b/lib/urlapi.c
index ef5b2b48e9..589a400834 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -471,7 +471,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
     return ipv6_parse(u, hostname, hlen);
   else {
     /* letters from the second string are not ok */
-    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()%");
+    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()%|");
     if(hlen != len)
       /* hostname with bad content */
       return CURLUE_BAD_HOSTNAME;
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index 3eeed6b694..69c7fd857b 100644
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -326,6 +326,7 @@ static const struct testcase get_parts_list[] = {
   {"https://user@example.net?he l lo",
    "https | user | [12] | [13] | example.net | [15] | / | he l lo | [17]",
    CURLU_ALLOW_SPACE, 0, CURLUE_OK},
+  {"https://exam|ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"https://exam{}[]ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"https://exam{ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"https://exam}ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},