Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
curl with c-ares tries to resolve an URL with ipv6 w/ zone index when passed in as a proxy #3482
I did this
curl tries to resolve an IPv6 address w/ zone index as if it's a hostname when
Doesn't work if % is encoded as %25 either:
Bug is also reproducible with a program written against libcurl and setting
I expected the following
curl w/o c-ares works, but only if % is not encoded as %25 (as recommended)
(The server is actually a simple HTTP server and not a proxy, but is enough to illustrate this bug.)
if encoded as %25:
This issue actually seems independent of resolver backend. The code basically never handles or strips off the zone string before it gets sent to the resolver function. The string will then not be treated an IPv6-only address and gets passed to the actual name resolver function, which in the c-ares case will fail like above but I'm pretty sure it might also fail.
In the report it mentions how '%' only works but not '%25', which is probably because the string isn't properly URL decoded before passed on to the resolver function and the reporter's resolver function seems to deal with the zone index. In my tests with the threaded resolver, this setup triggered errors similar to the c-ares case. (Possibly because of the wrong zone/IP.)