diff options
Diffstat (limited to 'net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch')
-rw-r--r-- | net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch new file mode 100644 index 000000000000..15f5e64c91f3 --- /dev/null +++ b/net-misc/curl/files/curl-7.86.0-proxy-noproxy-tailmatching.patch @@ -0,0 +1,66 @@ +https://bugs.gentoo.org/878365#c2 +https://github.com/curl/curl/issues/9821 +https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa888838b + +From b830f9ba9e94acf672cd191993ff679fa888838b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Fri, 28 Oct 2022 10:51:49 +0200 +Subject: [PATCH] noproxy: fix tail-matching + +Also ignore trailing dots in both host name and comparison pattern. + +Regression in 7.86.0 (from 1e9a538e05c0) + +Extended test 1614 to verify better. + +Reported-by: Henning Schild +Fixes #9821 +Closes #9822 +--- a/lib/noproxy.c ++++ b/lib/noproxy.c +@@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + } + else { + unsigned int address; ++ namelen = strlen(name); + if(1 == Curl_inet_pton(AF_INET, name, &address)) + type = TYPE_IPV4; +- namelen = strlen(name); ++ else { ++ /* ignore trailing dots in the host name */ ++ if(name[namelen - 1] == '.') ++ namelen--; ++ } + } + + while(*p) { +@@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) + if(tokenlen) { + switch(type) { + case TYPE_HOST: +- if(*token == '.') { +- ++token; +- --tokenlen; +- /* tailmatch */ +- match = (tokenlen <= namelen) && +- strncasecompare(token, name + (namelen - tokenlen), namelen); ++ /* ignore trailing dots in the token to check */ ++ if(token[tokenlen - 1] == '.') ++ tokenlen--; ++ ++ if(tokenlen && (*token == '.')) { ++ /* A: example.com matches '.example.com' ++ B: www.example.com matches '.example.com' ++ C: nonexample.com DOES NOT match '.example.com' ++ */ ++ if((tokenlen - 1) == namelen) ++ /* case A, exact match without leading dot */ ++ match = strncasecompare(token + 1, name, namelen); ++ else if(tokenlen < namelen) ++ /* case B, tailmatch with leading dot */ ++ match = strncasecompare(token, name + (namelen - tokenlen), ++ tokenlen); ++ /* case C passes through, not a match */ + } + else + match = (tokenlen == namelen) && |