Skip to content

Percent-encoded host names in URLs are not decoded #7830

Closed
@bagder

Description

@bagder

I did this

$ curl https://%63url.se/
curl: (6) Could not resolve host: %63url.se

The percent-encoding in the host name was not acknowledge but is used as-is! The RFC 3986 section for host name says it can be percent encoded!

I expected the following

$ curl https://%63url.se/
[content from https://curl.se]

... since %63 would be decoded to 'c'.

curl/libcurl version

7.79.1 and git master

operating system

any

credits

This flaw was identified by Noam Moshe,Sharon Brizinov, Raul Onitza-Klugman and Kirill Efimov

Metadata

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions