github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2025-04-24 12:10:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix CRLF injection in Wget host part

Browse Source 
* src/url.c (url_parse): Reject control characters in host part of URL

Reported-by: Orange Tsai
This commit is contained in:
Tim Rühsen 2017-03-06 10:04:22 +01:00
parent 63c2aea255
commit 4d729e322f
1 changed files with 11 additions and 0 deletions

11
src/url.c
View File

@ -925,6 +925,17 @@ url_parse (const char *url, int *error, struct iri *iri, bool percent_encode)
url_unescape (u->host);
host_modified = true;
/* check for invalid control characters in host name */
for (p = u->host; *p; p++)
{
if (c_iscntrl(*p))
{
url_free(u);
error_code = PE_INVALID_HOST_NAME;
goto error;
}
}
/* Apply IDNA regardless of iri->utf8_encode status */
if (opt.enable_iri && iri)
{