Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL scheme validation does not correctly implement RFC 3986 #11249

Closed
ad0p opened this issue Jun 4, 2023 · 0 comments
Closed

URL scheme validation does not correctly implement RFC 3986 #11249

ad0p opened this issue Jun 4, 2023 · 0 comments
Assignees
@bagder
Labels
URL

Comments

@ad0p
Copy link

ad0p commented Jun 4, 2023
edited

I am trying to use curl_url_set to validate a string and check whether it's a valid URL. I use option CURLU_NON_SUPPORT_SCHEME as I need to support custom schemes.

In urlapi.c, there is the following comment:

  /* RFC 3986 3.1 explains:
    scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
  */

But actual implementation is more like:

    scheme      =  1*( ALPHA / DIGIT / "+" / "-" / "." )

I have tested that the following examples are marked by libcurl curl_url_set as valid:

  • 1h://example1
  • ..://example2
  • -://example3
    -+://example4

Those are not valid URLs according to RFC 3986 3.1, but libcurl treats them as valid ones.
@bagder bagder added the URL label Jun 5, 2023
@bagder bagder self-assigned this Jun 5, 2023
bagder added a commit that referenced this issue Jun 5, 2023
@bagder
urlapi: scheme starts with alpha
975641f 
Add multiple tests to lib1560 to verify

Fixes #11249
Reported-by: ad0p on github
@bagder bagder mentioned this issue Jun 5, 2023
Closed
@bagder bagder closed this as completed in ba669d0 Jun 5, 2023
bch pushed a commit to bch/curl that referenced this issue Jul 19, 2023
@bagder @bch
urlapi: scheme starts with alpha
2d79ab5 
Add multiple tests to lib1560 to verify

Fixes curl#11249
Reported-by: ad0p on github
Closes curl#11250
ptitSeb pushed a commit to wasix-org/curl that referenced this issue Sep 25, 2023
@bagder @ptitSeb
urlapi: scheme starts with alpha
0a75311 
Add multiple tests to lib1560 to verify

Fixes curl#11249
Reported-by: ad0p on github
Closes curl#11250
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bagder bagder

Labels
URL
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

urlapi: scheme starts with alpha curl/curl
2 participants
@bagder @ad0p