cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY] curl invalid URL parsing with '#'

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 6 Nov 2016 00:38:25 +0100 (CET)

On Fri, 4 Nov 2016, Ray Satiro via curl-library wrote:

> I'm not sure that this is a bug, it seems more correct than it was before.
> However if for backwards compatibility we wanted to skip that for file it
> should be simple
>
> - if(path[0] != '/') {
> + if(path[0] != '/' && !strcasecompare(protop, "file")) {

Changing that behavior was not intended with this commit so I figure it is
worth getting the former treatment back. I'd be much happier if we could write
up a test case for this as well so we can catch this the next time.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-06