[bug #68296] maybe_prepend_scheme: strchr finds colons in path component

[sdainard]

URL:
  <https://savannah.gnu.org/bugs/?68296>

                 Summary:  maybe_prepend_scheme: strchr finds colons in path
component
                   Group: GNU Wget
               Submitter: sdainard
               Submitted: Wed 29 Apr 2026 06:37:37 PM UTC
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Samuel Dainard
        Originator Email:
             Open/Closed: Open
         Discussion Lock: Unlocked
                 Release: trunk
        Operating System: None
         Reproducibility: None
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: Yes


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Wed 29 Apr 2026 06:37:37 PM UTC By: sdainard <sdainard>
maybe_prepend_scheme() (commit c419542d) uses strchr(url, ':') which finds the
first colon anywhere in the URL, including the path.
                                                

                                                            
  A schemeless URL like "www.example.com/path:name" causes strchr to find the
colon in "path:name". is_valid_port("name") returns false, so the function
returns NULL and refuses to prepend "http://";.
                                                 

                                                            
  The previous strpbrk(url, ":/") avoided this by stopping at whichever of ':'
or '/' came first. Adding a slash check restores that behavior without
reintroducing the removed shorthand URL support.
                                                          

                                                            
  Related: bug #68295 (is_valid_port atoi fix)
                                                            

                                                            
  Patch attached






    _______________________________________________________
File Attachments:

Name: Limit-colon-search-to-authority-in-maybe_prepend_scheme.patch Size:
1.2KiB

<https://file.savannah.gnu.org/file/Limit-colon-search-to-authority-in-maybe_prepend_scheme.patch?file_id=58527>



    AGPL NOTICE

These attachments are served by Savane. You can download the corresponding
source code of Savane at
https://savannah.gnu.org/source/savane-c36938be85ff6c1b727bc7dd7fd30e48f9142870.tar.gz

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?68296>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

signature.asc
Description: PGP signature