R5Reloaded/r5sdk
1
0
Fork 0
mirror of https://github.com/Mauler125/r5sdk.git synced 2025-02-09 19:15:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix 'CVE-2017-9502'

Browse Source 
Merge: curl/curl@5d7952f52e
This commit is contained in:
Kawe Mazidjatari 2023-06-12 19:22:14 +02:00
parent 4368210a5c
commit e6cb575586
1 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
r5dev/thirdparty/curl/url.c vendored
View File

@ -4430,6 +4430,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
#endif
protop = "file"; /* protocol string */
*prot_missing = !url_has_scheme;
}
else {
/* clear path */
@ -4593,14 +4594,30 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
size_t plen = strlen(path); /* new path, should be 1 byte longer than
the original */
size_t urllen = strlen(data->change.url); /* original URL length */
size_t prefixlen = strlen(conn->host.name);
if(!*prot_missing)
prefixlen += strlen(protop) + strlen("://");
if(!*prot_missing) {
size_t protolen = strlen(protop);
reurl = malloc(urllen + 2); /* 2 for zerobyte + slash */
if(curl_strnequal(protop, data->change.url, protolen))
prefixlen += protolen;
else {
failf(data, "<url> malformed");
return CURLE_URL_MALFORMAT;
}
if(curl_strnequal("://", &data->change.url[protolen], 3))
prefixlen += 3;
/* only file: is allowed to omit one or both slashes */
else if(curl_strnequal("file:", data->change.url, 5))
prefixlen += 1 + (data->change.url[5] == '/');
else {
failf(data, "<url> malformed");
return CURLE_URL_MALFORMAT;
}
}
reurl = malloc(prefixlen + plen + 1);
if(!reurl)
return CURLE_OUT_OF_MEMORY;