URL scheme validation does not correctly implement RFC 3986 #11249

Closed
ad0p opened this issue Jun 4, 2023 · 0 comments
ad0p commented Jun 4, 2023

I am trying to use curl_url_set to validate a string and check whether it's a valid URL. I use the option CURLU_NON_SUPPORT_SCHEME as I need to support custom schemes.

In urlapi.c, there is the following comment:

  /* RFC 3986 3.1 explains:
    scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
  */

But the actual implementation is more like:

    scheme      =  1*( ALPHA / DIGIT / "+" / "-" / "." )

I have tested that the following examples are marked by libcurl curl_url_set as valid:

  • 1h://example1
  • ..://example2
  • -://example3
  • -+://example4

Those are not valid URLs according to RFC 3986 3.1, but libcurl treats them as valid ones.
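
As an added example (not part of the original issue and not curl's code), here is a stand-alone C check of the RFC 3986 3.1 scheme grammar that a caller could run on a string before passing it to curl_url_set with CURLU_NON_SUPPORT_SCHEME. The name scheme_len, its strict flag and the two extra sample URLs are assumptions made for this illustration; the non-strict mode models the grammar the report describes, not urlapi.c itself.

```c
#include <stddef.h>
#include <stdio.h>

/* ASCII-only classifiers: <ctype.h> is locale-dependent, RFC 3986 is not. */
static int is_alpha(unsigned char c)
{
  return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

static int is_scheme_char(unsigned char c)
{
  return is_alpha(c) || (c >= '0' && c <= '9') ||
         c == '+' || c == '-' || c == '.';
}

/* Hypothetical helper: length of the scheme in front of ':' or 0 if the
   scheme is not valid under the selected grammar.
   strict != 0: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
   strict == 0: scheme = 1*( ALPHA / DIGIT / "+" / "-" / "." ), the
                grammar the report says was effectively accepted. */
size_t scheme_len(const char *url, int strict)
{
  size_t i = 0;
  if(!url || (strict && !is_alpha((unsigned char)url[0])))
    return 0;
  while(is_scheme_char((unsigned char)url[i]))
    i++;
  /* a scheme must be non-empty and terminated by ':' */
  return (i && url[i] == ':') ? i : 0;
}

int main(void)
{
  /* The four strings from the report, plus two constructed valid ones. */
  static const char *samples[] = {
    "1h://example1", "..://example2", "-://example3", "-+://example4",
    "my-app+v2.0://example5", "h2://example6"
  };
  size_t n;
  for(n = 0; n < sizeof(samples) / sizeof(samples[0]); n++)
    printf("%-24s lax=%zu strict=%zu\n", samples[n],
           scheme_len(samples[n], 0), scheme_len(samples[n], 1));
  return 0;
}
```

A return of 0 in strict mode means the string should be rejected before it reaches any code that dispatches on the scheme.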

@bagder bagder added the URL label Jun 5, 2023
@bagder bagder self-assigned this Jun 5, 2023
bagder added a commit that referenced this issue Jun 5, 2023
Add multiple tests to lib1560 to verify

Fixes #11249
Reported-by: ad0p on github
@bagder bagder closed this as completed in ba669d0 Jun 5, 2023
bch pushed a commit to bch/curl that referenced this issue Jul 19, 2023
Add multiple tests to lib1560 to verify

Fixes curl#11249
Reported-by: ad0p on github
Closes curl#11250
ptitSeb pushed a commit to wasix-org/curl that referenced this issue Sep 25, 2023
Add multiple tests to lib1560 to verify

Fixes curl#11249
Reported-by: ad0p on github
Closes curl#11250