url-parsing: reject CRLFs within URLs

Bug: http://curl.haxx.se/docs/adv_20150108B.html Reported-by: Andrey Labunets
curl · Jan 7, 2015 · 178bd7d · 178bd7d
1 parent f7d5ece
commit 178bd7d
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/url.c b/lib/url.c
@@ -3842,6 +3842,13 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
 
   *prot_missing = FALSE;
 
+  /* We might pass the entire URL into the request so we need to make sure
+   * there are no bad characters in there.*/
+  if(strpbrk(data->change.url, "\r\n")) {
+    failf(data, "Illegal characters found in URL");
+    return CURLE_URL_MALFORMAT;
+  }
+
   /*************************************************************
    * Parse the URL.
    *