pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

Another fix in url_unreal for rogue HTTPS servers (not super important)

Browse Source
This commit is contained in:
Bram Matthys
2026-05-17 10:51:32 +02:00
parent b46c0f20ab
commit cfa1d7614c
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/url_unreal.c
+7
View File
@@ -497,6 +497,7 @@ int https_fatal_tls_error(int ssl_error, int my_errno, Download *handle)
int url_parse(const char *url, char **hostname, int *port, char **username, char **password, char **document)
{
char *p, *p2;
const char *q;
static char hostbuf[256];
static char documentbuf[512];
@@ -505,6 +506,12 @@ int url_parse(const char *url, char **hostname, int *port, char **username, char
if (strncmp(url, "https://", 8))
return 0;
/* Refuse control chars and space (would allow request-line injection). */
for (q = url; *q; q++)
if (*q <= ' ')
return 0;
url += 8; /* skip over https:// part */
p = strchr(url, '/');