url: reject ASCII control characters and space in host names

Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.

Fixes #2073

lib/url.c

@@ -1688,7 +1688,7 @@ static bool is_ASCII_name(const char *hostname)
 /*
  * Perform any necessary IDN conversion of hostname
  */
-static void fix_hostname(struct connectdata *conn, struct hostname *host)
+static CURLcode fix_hostname(struct connectdata *conn, struct hostname *host)
 {
   size_t len;
   struct Curl_easy *data = conn->data;
@@ -1746,6 +1746,16 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host)
     infof(data, "IDN support not present, can't parse Unicode domains\n");
 #endif
   }
+  {
+    char *hostp;
+    for(hostp = host->name; *hostp; hostp++) {
+      if(*hostp <= 32) {
+        failf(data, "Host name '%s' contains bad letter", host->name);
+        return CURLE_URL_MALFORMAT;
+      }
+    }
+  }
+  return CURLE_OK;
 }
 
 /*
@@ -4179,13 +4189,21 @@ static CURLcode create_conn(struct Curl_easy *data,
   /*************************************************************
    * IDN-fix the hostnames
    *************************************************************/
-  fix_hostname(conn, &conn->host);
-  if(conn->bits.conn_to_host)
-    fix_hostname(conn, &conn->conn_to_host);
-  if(conn->bits.httpproxy)
-    fix_hostname(conn, &conn->http_proxy.host);
-  if(conn->bits.socksproxy)
-    fix_hostname(conn, &conn->socks_proxy.host);
+  result = fix_hostname(conn, &conn->host);
+  if(result)
+    goto out;
+  if(conn->bits.conn_to_host) {
+    result = fix_hostname(conn, &conn->conn_to_host);
+    goto out;
+  }
+  if(conn->bits.httpproxy) {
+    result = fix_hostname(conn, &conn->http_proxy.host);
+    goto out;
+  }
+  if(conn->bits.socksproxy) {
+    result = fix_hostname(conn, &conn->socks_proxy.host);
+    goto out;
+  }
 
   /*************************************************************
    * Check whether the host and the "connect to host" are equal.