Menu

#1200 Remove Dot Segments in redirect URLs

closed-fixed
None
6
2014-11-13
2013-02-27
Alex Vinnik
No

$ ~/bin/curl -V
curl 7.29.1-DEV (i686-pc-linux-gnu) libcurl/7.29.1-DEV OpenSSL/1.0.1 zlib/
1.2.3.4 libidn/1.23 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtmp rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

http://curl.haxx.se/mail/lib-2013-02/0345.html

https://groups.google.com/a/chromium.org/forum/?fromgroups=#!topic/chromium-discuss/Aa_gQn40-zE/overview

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2013-03-04

    Please detail the bug in this report without linking to someone else's explanation.

     
    • Alex Vinnik

      Alex Vinnik - 2013-03-04

      Daniel,

      All those links were in fact created by me so I just included them in the bug report w/o realizing that this report and those posts under different names. Sorry for confusion. I think Michael Wood posted quite a good summary of the problem. Let me know if more details are needed. -Alex

       
  • Daniel Stenberg

    Daniel Stenberg - 2013-03-04

    Michael Wood clarified on the curl-library list: http://curl.haxx.se/mail/lib-2013-03/0029.html

     
    • Alex Vinnik

      Alex Vinnik - 2013-03-04

      Thanks, Michael! That is exactly what is happening.

       
  • Daniel Stenberg

    Daniel Stenberg - 2013-04-01

    Raised prio, since it may actually cause some resources to not be possible to fetch even if this bug has always been present in libcurl and it very rarely actually hits users.

     
  • Daniel Stenberg

    Daniel Stenberg - 2013-06-15

    I now have some initial work on this going on. May post a patch within a couple of days.

     
  • Daniel Stenberg

    Daniel Stenberg - 2013-06-16

    Ok, here's my first take at a patch that removes .. and . sequences from the path. There's also a unit test for the function but I believe it still doesn't handle fragments properly in combination with ../-removal.

     
  • Daniel Stenberg

    Daniel Stenberg - 2013-06-22
    • status: open-confirmed --> closed-fixed
     
  • Daniel Stenberg

    Daniel Stenberg - 2013-06-22

    Thanks for the report, this fix is now pushed as commit 7877619f856a04. Please try it out. Case closed!