urlparse: accept '#' as end of host name (3bb273db) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Commit 3bb273db authored Oct 11, 2016 by

Daniel Stenberg

urlparse: accept '#' as end of host name

'http://example.com#@127.0.0.1/x.txt' equals a request to example.com
for the '/' document with the rest of the URL being a fragment.

CVE-2016-8624

Bug: https://curl.haxx.se/docs/adv_20161102J.html
Reported-by: Fernando Muñoz

parent 164ee10b

Hide whitespace changes

Inline Side-by-side

Please register or to comment