]> granicus.if.org Git - curl/commitdiff
doh: allow only http and https in debug mode
authorPaul Dreik <github@pauldreik.se>
Mon, 23 Sep 2019 11:11:49 +0000 (13:11 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 23 Sep 2019 20:38:23 +0000 (22:38 +0200)
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.

Closes #4406

lib/doh.c

index 05a6cc2357903ab177b9041d2d3e4af39dd2241c..196e89d93dfc23d6f6770e1b09fd36452910951b 100644 (file)
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -264,6 +264,9 @@ static CURLcode dohprobe(struct Curl_easy *data,
 #ifndef CURLDEBUG
     /* enforce HTTPS if not debug */
     ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
+#else
+    /* in debug mode, also allow http */
+    ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS);
 #endif
     ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms);
     if(data->set.verbose)