diff options
Diffstat (limited to 'net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch')
| -rw-r--r-- | net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch new file mode 100644 index 000000000000..6c8f4067e8d5 --- /dev/null +++ b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-match-comma.patch @@ -0,0 +1,86 @@ +https://bugs.gentoo.org/878365#c2 +https://github.com/curl/curl/issues/9813 +https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 + +From efc286b7a62af0568fdcbf3c68791c9955182128 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 27 Oct 2022 13:54:27 +0200 +Subject: [PATCH] noproxy: also match with adjacent comma + +If the host name is an IP address and the noproxy string contained that +IP address with a following comma, it would erroneously not match. + +Extended test 1614 to verify this combo as well. + +Reported-by: Henning Schild + +Fixes #9813 +Closes #9814 +--- a/lib/noproxy.c ++++ b/lib/noproxy.c +@@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + /* FALLTHROUGH */ + case TYPE_IPV6: { + const char *check = token; +- char *slash = strchr(check, '/'); ++ char *slash; + unsigned int bits = 0; + char checkip[128]; ++ if(tokenlen >= sizeof(checkip)) ++ /* this cannot match */ ++ break; ++ /* copy the check name to a temp buffer */ ++ memcpy(checkip, check, tokenlen); ++ checkip[tokenlen] = 0; ++ check = checkip; ++ ++ slash = strchr(check, '/'); + /* if the slash is part of this token, use it */ +- if(slash && (slash < &check[tokenlen])) { ++ if(slash) { + bits = atoi(slash + 1); +- /* copy the check name to a temp buffer */ +- if(tokenlen >= sizeof(checkip)) +- break; +- memcpy(checkip, check, tokenlen); +- checkip[ slash - check ] = 0; +- check = checkip; ++ *slash = 0; /* null terminate there */ + } + if(type == TYPE_IPV6) + match = Curl_cidr6_match(name, check, bits); +--- a/tests/data/test1614 ++++ b/tests/data/test1614 +@@ -16,7 +16,7 @@ unittest + proxy + </features> + <name> +-cidr comparisons ++noproxy and cidr comparisons + </name> + </client> + <errorcode> +--- a/tests/unit/unit1614.c ++++ b/tests/unit/unit1614.c +@@ -77,6 +77,20 @@ UNITTEST_START + { NULL, NULL, 0, FALSE} /* end marker */ + }; + struct noproxy list[]= { ++ { "127.0.0.1", "127.0.0.1,localhost", TRUE}, ++ { "127.0.0.1", "127.0.0.1,localhost,", TRUE}, ++ { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE}, ++ { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE}, ++ { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE}, ++ { "127.0.0.1", "localhost,127.0.0.1", TRUE}, ++ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." ++ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." ++ "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE}, ++ { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1." ++ "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127." ++ "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE}, ++ { "localhost", "localhost,127.0.0.1", TRUE}, ++ { "localhost", "127.0.0.1,localhost", TRUE}, + { "foobar", "barfoo", FALSE}, + { "foobar", "foobar", TRUE}, + { "192.168.0.1", "foobar", FALSE}, + |