Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doh: respect timeout and restrict debug builds to http and https #4406

Closed
wants to merge 2 commits into from

Conversation

@pauldreik
Copy link
Contributor

commented Sep 23, 2019

doh did not time out properly. This change makes it return early with CURLE_OPERATION_TIMEDOUT.

In debug builds, doh could be configured to use any protocol, which lead to it trying to do doh over pop3 when the http fuzzer was running. It is now restricted to http and https.

pauldreik added 2 commits Sep 23, 2019
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.
@bagder
bagder approved these changes Sep 23, 2019
@bagder bagder closed this in bb74201 Sep 23, 2019
bagder added a commit that referenced this pull request Sep 23, 2019
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.

Closes #4406
@bagder

This comment has been minimized.

Copy link
Member

commented Sep 23, 2019

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.