urlapi: fix URL encoding when setting a full URL

author Daniel Stenberg <daniel@haxx.se>

Tue, 1 Oct 2019 07:53:28 +0000 (09:53 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 2 Oct 2019 05:53:17 +0000 (07:53 +0200)
author Daniel Stenberg <daniel@haxx.se>
Tue, 1 Oct 2019 07:53:28 +0000 (09:53 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 2 Oct 2019 05:53:17 +0000 (07:53 +0200)
diff --git a/lib/urlapi.c b/lib/urlapi.c

index 1c13077ec008605faa44e03390676f1ffe4687c2..a57c5e72e1342823b4bf53f0e9089ffc061a65f7 100644 (file)
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -851,6 +851,16 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
    if(junkscan(path))
      return CURLUE_MALFORMED_INPUT;
  
+  if((flags & CURLU_URLENCODE) && path[0]) {
+    /* worst case output length is 3x the original! */
+    char *newp = malloc(strlen(path) * 3);
+    if(!newp)
+      return CURLUE_OUT_OF_MEMORY;
+    path_alloced = TRUE;
+    strcpy_url(newp, path, TRUE); /* consider it relative */
+    path = newp;
+  }
+
    fragment = strchr(path, '#');
    if(fragment)
      *fragment++ = 0;
@@ -865,11 +875,16 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
    else if(!(flags & CURLU_PATH_AS_IS)) {
      /* sanitise paths and remove ../ and ./ sequences according to RFC3986 */
      char *newp = Curl_dedotdotify(path);
-    if(!newp)
+    if(!newp) {
+      if(path_alloced)
+        free(path);
        return CURLUE_OUT_OF_MEMORY;
+    }
  
      if(strcmp(newp, path)) {
        /* if we got a new version */
+      if(path_alloced)
+        free(path);
        path = newp;
        path_alloced = TRUE;
      }
author	Daniel Stenberg <daniel@haxx.se>
	Tue, 1 Oct 2019 07:53:28 +0000 (09:53 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 2 Oct 2019 05:53:17 +0000 (07:53 +0200)