From 70159f52e9187941536ff16375d6fce471f43712 Mon Sep 17 00:00:00 2001 From: liwenjie Date: Mon, 7 Nov 2022 09:44:18 +0800 Subject: [PATCH] Repair CVE-2020-8169 --- lib/url.c | 6 ++-- tests/data/Makefile.inc | 2 +- tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 tests/data/test1168 diff --git a/lib/url.c b/lib/url.c index 56fb73636..9a3e331be 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2733,12 +2733,14 @@ static CURLcode override_login(struct Curl_easy *data, /* for updated strings, we update them in the URL */ if(user_changed) { - uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); + uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, + CURLU_URLENCODE); if(uc) return Curl_uc_to_curlcode(uc); } if(passwd_changed) { - uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); + uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, + CURLU_URLENCODE); if(uc) return Curl_uc_to_curlcode(uc); } diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 09cb05706..40b9fd2eb 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -131,7 +131,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ -test1160 test1161 test1162 test1163 test1164 test1165 test1166 \ +test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1168 \ test1170 test1171 test1172 test1173 test1174 test1175 \ \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ diff --git a/tests/data/test1168 b/tests/data/test1168 new file mode 100644 index 000000000..283e91e01 --- /dev/null +++ b/tests/data/test1168 @@ -0,0 +1,78 @@ + + + +HTTP +HTTP GET +followlocation + + +# Server-side + + +HTTP/1.1 301 This is a weirdo text message swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: /data/11680002.txt +Connection: close + +This server reply is for testing a simple Location: following + + + +HTTP/1.1 200 Followed here fine swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 52 + +If this is received, the location following worked + + + +HTTP/1.1 301 This is a weirdo text message swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: /data/11680002.txt +Connection: close + +HTTP/1.1 200 Followed here fine swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 52 + +If this is received, the location following worked + + + + +# Client-side + + +http + + +HTTP redirect with credentials using # in user and password + + +http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY" + + + +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /want/1168 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== +Accept: */* + +GET /data/11680002.txt HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== +Accept: */* + + + +