-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
urlapi: stricter CURLUPART_PORT parsing #3762
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Nice fix @jay. I think we should also add a test for that case. I can do that tomorrow. |
I might not have gone far enough. The reporter in #3753 basically showed that CURLOPT_PORT 1234L set that port in his
Internally Lines 3009 to 3025 in 521bbbe
My fix would allow the user to use |
I think you're overthinking it. This PR and change is only about how to parse the The #3753 issue was totally separate. It occurred primarily because curl modified the handle that it wasn't supposed to touch so even when setting |
Oh sorry, this extra
So NULL, not "", has that effect. I'll add a test case for it. |
Oops. I also missed that in the code and now it seems totally obvious. Does portnum need to be cleared: diff --git a/lib/urlapi.c b/lib/urlapi.c
index 3da8ff8..0eb06d2 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -1145,6 +1145,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
storep = &u->host;
break;
case CURLUPART_PORT:
+ u->portnum = 0;
storep = &u->port;
break;
case CURLUPART_PATH: |
yes! |
Only allow well formed decimal numbers in the input. Document that the number MUST be between 1 and 65535. Add tests to test 1560 to verify the above. Ref: #3753
7161253
to
89543f7
Compare
Only allow well formed decimal numbers in the input.
Document that the number MUST be between 1 and 65535.
Add tests to test 1560 to verify the above.
Ref: #3753