Skip to content

doh: respect timeout and restrict debug builds to http and https#4406

Closed
pauldreik wants to merge 2 commits intocurl:masterfrom
pauldreik:paul/check_doh_timeout
Closed

doh: respect timeout and restrict debug builds to http and https#4406
pauldreik wants to merge 2 commits intocurl:masterfrom
pauldreik:paul/check_doh_timeout

Conversation

@pauldreik
Copy link
Contributor

@pauldreik pauldreik commented Sep 23, 2019

doh did not time out properly. This change makes it return early with CURLE_OPERATION_TIMEDOUT.

In debug builds, doh could be configured to use any protocol, which lead to it trying to do doh over pop3 when the http fuzzer was running. It is now restricted to http and https.

@pauldreik
doh: return early if there is no time left
fdd729f
@pauldreik
doh: allow only http and https in debug mode
5a1379c 
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.
@bagder bagder closed this in bb74201 Sep 23, 2019
bagder pushed a commit that referenced this pull request Sep 23, 2019
@pauldreik @bagder
doh: allow only http and https in debug mode
a5bf6a3 
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.

Closes #4406
@bagder
Copy link
Member

bagder commented Sep 23, 2019

Thanks!

@bagder bagder mentioned this pull request Sep 23, 2019
Closed
@pauldreik pauldreik mentioned this pull request Sep 29, 2019
Open
@lock lock bot locked as resolved and limited conversation to collaborators Dec 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@bagder bagder bagder approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pauldreik @bagder