Hi, I filed two related bug reports on Savannah about seven weeks ago for issues introduced in commit c419542d. Both have patches attached but haven't gotten any response yet. Known wget is high priority so hope y'all don't mind me sending them to the list for visibility.
Bug #68295 - is_valid_port: undefined behavior with atoi on overflow
https://savannah.gnu.org/bugs/?68295

is_valid_port() uses atoi() to parse the port string. Since atoi() has undefined behavior on integer overflow, a string like "99999999999" triggers UB before the range check can reject it. The patch replaces atoi() with strtoul(), which sets errno on overflow and whose end pointer eliminates the separate strspn() call.

Bug #68296 - maybe_prepend_scheme: strchr finds colons in path component
https://savannah.gnu.org/bugs/?68296

maybe_prepend_scheme() uses strchr(url, ':') which matches colons anywhere in the URL, including the path. A schemeless URL like www.example.com/path:name hits the colon in "path:name", is_valid_port("name") returns false, and the function refuses to prepend http://. The patch adds a slash check so the colon search is limited to the authority component, restoring the behavior of the previous strpbrk(url, ":/") approach without reintroducing removed shorthand URL support.

Patches are on the respective bug reports. Happy to rebase or rework if needed.

Thanks,
Samuel Dainard
sdainard@
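A sketch of the two checks described in the message above, added here as an example; it is not the patch attached to either bug report and not wget's own code. The names port_ok and should_prepend_scheme, the 1-65535 port range, and accepting '/' directly after the port are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not wget's is_valid_port(): parse a port with
   strtoul() so overflow is reported through errno instead of being UB. */
static bool port_ok(const char *s)
{
    char *end;
    unsigned long v;

    /* strtoul() skips whitespace and accepts a sign; require a digit. */
    if (s[0] < '0' || s[0] > '9')
        return false;
    errno = 0;
    v = strtoul(s, &end, 10);
    /* Reject overflow (ERANGE) and values outside the assumed range. */
    if (errno == ERANGE || v < 1 || v > 65535)
        return false;
    /* The end pointer shows where the digits stopped: only the end of
       the string or the start of the path may follow a port. */
    return *end == '\0' || *end == '/';
}

/* Hypothetical helper, not wget's maybe_prepend_scheme(): returns true
   when a default scheme should be prepended to url. The colon search is
   limited to the authority, i.e. the bytes before the first '/'. */
static bool should_prepend_scheme(const char *url)
{
    size_t authority_len = strcspn(url, "/");
    const char *colon = memchr(url, ':', authority_len);

    if (colon == NULL)
        return true;            /* no colon before the path: bare host */
    return port_ok(colon + 1);  /* host:port; otherwise assume a scheme */
}
```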
