Commit 34634080 authored by Daniel Stenberg

URL-parser: for file://[host]/ URLs, the [host] must be localhost

Previously, the [host] part was just ignored, which made libcurl accept
strange URLs that could mislead users, like "file://etc/passwd", which
might've looked like it refers to "/etc/passwd" but is just "/passwd"
since the "etc" is an ignored host name.

Reported-by: Mike Crowe
Assisted-by: Kamil Dudka
parent 8c15e0de
+30 −25
@@ -4068,11 +4068,17 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
     * the URL protocols specified in RFC 1738
     */
    if(path[0] != '/') {
      /* the URL included a host name, we ignore host names in file:// URLs
         as the standards don't define what to do with them */
      char *ptr=strchr(path, '/');
      if(ptr) {
        /* there was a slash present
      /* the URL includes a host name, it must match "localhost" or
         "127.0.0.1" to be valid */
      char *ptr;
      if(!checkprefix("localhost/", path) &&
         !checkprefix("127.0.0.1/", path)) {
        failf(data, "Valid host name with slash missing in URL");
        return CURLE_URL_MALFORMAT;
      }
      ptr = &path[9]; /* now points to the slash after the host */

      /* there was a host name and slash present

         RFC1738 (section 3.1, page 5) says:

@@ -4087,7 +4093,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
         the same file with an absolute path.
      */

        if(ptr[1] && ('/' == ptr[1]))
      if('/' == ptr[1])
        /* if there was two slashes, we skip the first one as that is then
           used truly as a separator */
        ptr++;
@@ -4095,7 +4101,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
      /* This cannot be made with strcpy, as the memory chunks overlap! */
      memmove(path, ptr, strlen(ptr)+1);
    }
    }

    protop = "file"; /* protocol string */
  }
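Review bot: The offset in `ptr = &path[9];` is correct only because "localhost" and "127.0.0.1" both happen to be nine characters long; nothing ties the constant to the two prefixes checked just above it. If another accepted host spelling of a different length is added later, `ptr` would land inside the host name and the `memmove` would leave part of it in the file path, which is the kind of misleading result this commit is meant to stop. I would either state the dependency in the comment, `/* both accepted host names are 9 bytes long, so path[9] is the slash */`, or derive the pointer with `ptr = strchr(path, '/');`, which cannot return NULL once the prefix check has passed. Whether `checkprefix` compares case-insensitively is not visible here and would be worth a word in the same comment. parseurlandfillconn starts and ends outside these hunks.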