Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
[Feature Request] Optional flag to disable path normalization for libcurl's URL API
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: coder man via curl-library <curl-library_at_cool.haxx.se>
Date: Sun, 21 Feb 2021 07:44:43 -0500
Hi there!
I gonna use libcurl's URL API as the URL parser for a web security fuzzer
program.
Curl has a nice feature to disable URL path normalization while sending
HTTP requests (--path-as-is CLI argumet):
https://curl.se/libcurl/c/CURLOPT_PATH_AS_IS.html
Unfortunately, the URL API does not have such a thing to disable path
normalization while parsing the URLs:
https://curl.se/libcurl/c/curl_url_get.html
https://curl.se/libcurl/c/curl_url_set.html
Defining a new flag to disable the default path normalization behaviour may
help.
Regards.
Proof of the concept:
#include "stdio.h"
#include "curl/curl.h"
int main() {
CURLU *url_handle = curl_url();
curl_url_set(url_handle, CURLUPART_URL, "
http://www.example.com/../../path", 0);
char *full_url;
curl_url_get(url_handle,CURLUPART_URL,&full_url,0);
puts(full_url);
// Output: http://www.example.com/path ("../" characters were removed)
curl_free(full_url);
curl_url_cleanup(url_handle);
return 0;
}
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-02-21
Date: Sun, 21 Feb 2021 07:44:43 -0500
Hi there!
I gonna use libcurl's URL API as the URL parser for a web security fuzzer
program.
Curl has a nice feature to disable URL path normalization while sending
HTTP requests (--path-as-is CLI argumet):
https://curl.se/libcurl/c/CURLOPT_PATH_AS_IS.html
Unfortunately, the URL API does not have such a thing to disable path
normalization while parsing the URLs:
https://curl.se/libcurl/c/curl_url_get.html
https://curl.se/libcurl/c/curl_url_set.html
Defining a new flag to disable the default path normalization behaviour may
help.
Regards.
Proof of the concept:
#include "stdio.h"
#include "curl/curl.h"
int main() {
CURLU *url_handle = curl_url();
curl_url_set(url_handle, CURLUPART_URL, "
http://www.example.com/../../path", 0);
char *full_url;
curl_url_get(url_handle,CURLUPART_URL,&full_url,0);
puts(full_url);
// Output: http://www.example.com/path ("../" characters were removed)
curl_free(full_url);
curl_url_cleanup(url_handle);
return 0;
}
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-02-21