From 15401fa886b707ae2a42b95fa6cf313685306492 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 4 Mar 2019 12:03:39 +0100 Subject: [PATCH] CURLU: fix NULL dereference when used over proxy Test 659 verifies Also fixed the test 658 name Closes #3641 --- lib/url.c | 5 ++- tests/data/Makefile.inc | 2 +- tests/data/test658 | 3 +- tests/data/test659 | 54 +++++++++++++++++++++++++++ tests/libtest/Makefile.inc | 5 +++ tests/libtest/lib659.c | 75 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 140 insertions(+), 4 deletions(-) create mode 100644 tests/data/test659 create mode 100644 tests/libtest/lib659.c diff --git a/lib/url.c b/lib/url.c index bc00bfae6..76e912231 100644 --- a/lib/url.c +++ b/lib/url.c @@ -304,7 +304,8 @@ static void up_free(struct Curl_easy *data) Curl_safefree(up->options); Curl_safefree(up->path); Curl_safefree(up->query); - curl_url_cleanup(data->state.uh); + if(data->set.uh != data->state.uh) + curl_url_cleanup(data->state.uh); data->state.uh = NULL; } @@ -2046,7 +2047,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, /* parse the URL */ if(data->set.uh) { - uh = data->set.uh; + uh = data->state.uh = data->set.uh; } else { uh = data->state.uh = curl_url(); diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 29e8c6924..75197d7f7 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -83,7 +83,7 @@ test617 test618 test619 test620 test621 test622 test623 test624 test625 \ test626 test627 test628 test629 test630 test631 test632 test633 test634 \ test635 test636 test637 test638 test639 test640 test641 test642 \ test643 test644 test645 test646 test647 test648 test649 test650 test651 \ -test652 test653 test654 test655 test656 test658 \ +test652 test653 test654 test655 test656 test658 test659 \ \ test700 test701 test702 test703 test704 test705 test706 test707 test708 \ test709 test710 test711 test712 test713 test714 test715 \ diff --git a/tests/data/test658 b/tests/data/test658 index 8c77eafec..2ed6d6429 100644 --- a/tests/data/test658 +++ b/tests/data/test658 @@ -3,6 +3,7 @@ HTTP HTTP GET +CURLOPT_CURLU @@ -29,7 +30,7 @@ http lib658 -HTTP GET +Pass URL to libcurl with CURLOPT_CURLU http://%HOSTIP:%HTTPPORT/658 diff --git a/tests/data/test659 b/tests/data/test659 new file mode 100644 index 000000000..43e1aaf92 --- /dev/null +++ b/tests/data/test659 @@ -0,0 +1,54 @@ + + + +HTTP +HTTP GET +CURLOPT_CURLU +proxy + + + + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + + +http + + +lib659 + + +CURLOPT_CURLU without the path set - over proxy + + +http://%HOSTIP:%HTTPPORT + + + + + +^User-Agent:.* + + +GET http://www.example.com:80/ HTTP/1.1 +Host: www.example.com +Accept: */* +Proxy-Connection: Keep-Alive + + + + + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 91fd85a87..1817dc348 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -22,6 +22,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ lib571 lib572 lib573 lib574 lib575 lib576 lib578 lib579 lib582 \ lib583 lib585 lib586 lib587 lib589 lib590 lib591 lib597 lib598 lib599 \ lib643 lib644 lib645 lib650 lib651 lib652 lib653 lib654 lib655 lib658 \ + lib659 \ lib1156 \ lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \ lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 lib1517 \ @@ -345,6 +346,10 @@ lib658_SOURCES = lib658.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib658_LDADD = $(TESTUTIL_LIBS) lib658_CPPFLAGS = $(AM_CPPFLAGS) +lib659_SOURCES = lib659.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +lib659_LDADD = $(TESTUTIL_LIBS) +lib659_CPPFLAGS = $(AM_CPPFLAGS) + lib1500_SOURCES = lib1500.c $(SUPPORTFILES) $(TESTUTIL) lib1500_LDADD = $(TESTUTIL_LIBS) lib1500_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/tests/libtest/lib659.c b/tests/libtest/lib659.c new file mode 100644 index 000000000..b37e8e940 --- /dev/null +++ b/tests/libtest/lib659.c @@ -0,0 +1,75 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "test.h" + +#include "testutil.h" +#include "warnless.h" +#include "memdebug.h" + +/* + * Get a single URL without select(). + */ + +int test(char *URL) +{ + CURL *handle = NULL; + CURLcode res = 0; + CURLU *urlp = NULL; + + global_init(CURL_GLOBAL_ALL); + easy_init(handle); + + urlp = curl_url(); + + if(!urlp) { + fprintf(stderr, "problem init URL api."); + goto test_cleanup; + } + + /* this doesn't set the PATH part */ + if(curl_url_set(urlp, CURLUPART_HOST, "www.example.com", 0) || + curl_url_set(urlp, CURLUPART_SCHEME, "http", 0) || + curl_url_set(urlp, CURLUPART_PORT, "80", 0)) { + fprintf(stderr, "problem setting CURLUPART"); + goto test_cleanup; + } + + easy_setopt(handle, CURLOPT_CURLU, urlp); + easy_setopt(handle, CURLOPT_VERBOSE, 1L); + easy_setopt(handle, CURLOPT_PROXY, URL); + + res = curl_easy_perform(handle); + + if(res) { + fprintf(stderr, "%s:%d curl_easy_perform() failed with code %d (%s)\n", + __FILE__, __LINE__, res, curl_easy_strerror(res)); + goto test_cleanup; + } + +test_cleanup: + + curl_url_cleanup(urlp); + curl_easy_cleanup(handle); + curl_global_cleanup(); + + return res; +} -- 2.40.0