url: reject ASCII control characters and space in host names

/*

 * Perform any necessary IDN conversion of hostname

 */

static void fix_hostname(struct connectdata *conn, struct hostname *host)

static CURLcode fix_hostname(struct connectdata *conn, struct hostname *host)

{

  size_t len;

  struct Curl_easy *data = conn->data;

        /* change the name pointer to point to the encoded hostname */

        host->name = host->encalloc;

      }

      else

        infof(data, "Failed to convert %s to ACE; %s\n", host->name,

      else {

        failf(data, "Failed to convert %s to ACE; %s\n", host->name,

              idn2_strerror(rc));

        return CURLE_URL_MALFORMAT;

      }

    }

#elif defined(USE_WIN32_IDN)

    char *ace_hostname = NULL;

      /* change the name pointer to point to the encoded hostname */

      host->name = host->encalloc;

    }

    else

      infof(data, "Failed to convert %s to ACE;\n", host->name);

    else {

      failf(data, "Failed to convert %s to ACE;\n", host->name);

      return CURLE_URL_MALFORMAT;

    }

#else

    infof(data, "IDN support not present, can't parse Unicode domains\n");

#endif

  }

  {

    char *hostp;

    for(hostp = host->name; *hostp; hostp++) {

      if(*hostp <= 32) {

        failf(data, "Host name '%s' contains bad letter", host->name);

        return CURLE_URL_MALFORMAT;

      }

    }

  }

  return CURLE_OK;

}

/*

  /*************************************************************

   * IDN-fix the hostnames

   *************************************************************/

  fix_hostname(conn, &conn->host);

  if(conn->bits.conn_to_host)

    fix_hostname(conn, &conn->conn_to_host);

  if(conn->bits.httpproxy)

    fix_hostname(conn, &conn->http_proxy.host);

  if(conn->bits.socksproxy)

    fix_hostname(conn, &conn->socks_proxy.host);

  result = fix_hostname(conn, &conn->host);

  if(result)

    goto out;

  if(conn->bits.conn_to_host) {

    result = fix_hostname(conn, &conn->conn_to_host);

    if(result)

      goto out;

  }

  if(conn->bits.httpproxy) {

    result = fix_hostname(conn, &conn->http_proxy.host);

    if(result)

      goto out;

  }

  if(conn->bits.socksproxy) {

    result = fix_hostname(conn, &conn->socks_proxy.host);

    if(result)

      goto out;

  }

  /*************************************************************

   * Check whether the host and the "connect to host" are equal.

#

# Server-side

<reply>

<data>

HTTP/1.0 503 Service Unavailable

Date: Thu, 09 Nov 2010 14:49:00 GMT

Server: test-server/fake swsclose

Content-Type: text/html

Funny-head: yesyes

</data>

</reply>

#

# Client-side

<client>

<server>

http

none

</server>

<features>

idn

http

</features>

<setenv>

LC_ALL=

</client>

#

# Verify data after the test has been "shot"

<verify>

<strip>

^User-Agent:.*

</strip>

<protocol>

GET http://invalid-utf8-.local/page/1034 HTTP/1.1

Host: invalid-utf8-.local

Accept: */*

Proxy-Connection: Keep-Alive

</protocol>

<errorcode>

3

</errorcode>

</verify>

</testcase>

#

# Server-side

<reply>

<data>

HTTP/1.0 503 Service Unavailable

Date: Thu, 09 Nov 2010 14:49:00 GMT

Server: test-server/fake swsclose

Content-Type: text/html

Funny-head: yesyes

</data>

</reply>

#

# Client-side

<client>

<server>

http

none

</server>

<features>

idn

http

</features>

<setenv>

LC_ALL=

<strip>

^User-Agent:.*

</strip>

<protocol>

GET http://too-long-IDN-name-cürl-rüles-la-la-la-dee-da-flooby-nooby.local/page/1035 HTTP/1.1

Host: too-long-IDN-name-cürl-rüles-la-la-la-dee-da-flooby-nooby.local

Accept: */*

Proxy-Connection: Keep-Alive

</protocol>

<errorcode>

3

</errorcode>

</verify>

</testcase>