On Thu, Mar 18, 2021 at 03:54:48PM +0100, Theo Buehler wrote:
> A malformed URI such as "https://[::1/index.html" causes a NULL access
> in the hosttail[1] == ":" check.

Good catch. I think your diff makes this code a bit easier to understand.
OK claudio@

> Index: http.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 http.c
> --- http.c    18 Mar 2021 14:08:01 -0000      1.6
> +++ http.c    18 Mar 2021 14:43:31 -0000
> @@ -357,8 +357,11 @@ http_parse_uri(char *uri, char **ohost, 
>       }
>       if (*host == '[') {
>               char *scope;
> -             if ((hosttail = memrchr(host, ']', path - host)) != NULL &&
> -                 (hosttail[1] == '/' || hosttail[1] == ':'))
> +             if ((hosttail = memrchr(host, ']', path - host)) == NULL) {
> +                     warnx("%s: unmatched opening bracket", http_info(uri));
> +                     return -1;
> +             }
> +             if (hosttail[1] == '/' || hosttail[1] == ':')
>                       host++;
>               if (hosttail[1] == ':')
>                       port = hosttail + 1;
> 
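Review bot: The second check, `if (hosttail[1] == '/' || hosttail[1] == ':')`, still has no else branch, so a closing bracket followed by any other character is accepted silently. In that case `host++` is skipped and, from the lines visible here, host keeps its leading '[' while parsing continues. Consider rejecting it the same way as the unmatched-bracket case, with its own warnx() message and `return -1`, so that every malformed bracketed host fails in one place. A short comment above the block stating the accepted forms ("[addr]/" and "[addr]:port") would also help the next reader.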

-- 
:wq Claudio
