Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix insufficient validation of the Uri authority component can lead to a panic when calling host() afterwards. #613

Merged
merged 2 commits into from
Jun 12, 2023

Conversation

f0rki
Copy link

@f0rki f0rki commented Jun 12, 2023

Previously only the presence of both square brackets was checked, but not the order. This made ]o[ validate as a good uri authority. However, calling the Authority::host function then panics.

I also added a check for too many : chars in the authority.

@82marbag
Copy link

CI is failing, but the issue seems unrelated. @seanmonstar can you verify please?

@seanmonstar
Copy link
Member

Oh, yea, seems like a dev-dependency is past our MSRV. I've filed #614 to only run cargo check.

@seanmonstar
Copy link
Member

Ok, fixed that, if you want to rebase, it should be better here.

Michael Rodler added 2 commits June 12, 2023 17:02
… correct order.

This avoids panic when attempting to parse odd strings like `]o[`.

Signed-off-by: Michael Rodler <mrodler@amazon.de>
Reviewed-by: Daniele Ahmed <ahmeddan@amazon.de>
Signed-off-by: Michael Rodler <mrodler@amazon.de>
@seanmonstar seanmonstar merged commit 4f28cbd into hyperium:master Jun 12, 2023
@f0rki f0rki deleted the uri-parsing-panic branch June 12, 2023 15:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants