hsts: skip single-dot hostname

Reported-by: Maksymilian Arciemowicz Closes #12247
2025-03-31 16:00:35 +08:00 · 2023-11-02 10:52:46 +01:00 · 2023-11-02 10:52:46 +01:00 · 8c058a820a
commit 8c058a820a
parent ddb95c155e
1 changed files with 16 additions and 7 deletions
--- a/lib/hsts.c
+++ b/lib/hsts.c
@ -40,6 +40,7 @@
 #include "fopen.h"
 #include "rename.h"
 #include "share.h"
+#include "strdup.h"

 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@ -116,22 +117,30 @@ static CURLcode hsts_create(struct hsts *h,
                            bool subdomains,
                            curl_off_t expires)
 {
-  struct stsentry *sts = hsts_entry();
+  struct stsentry *sts;
  char *duphost;
  size_t hlen;
+  DEBUGASSERT(h);
+  DEBUGASSERT(hostname);
+
+  hlen = strlen(hostname);
+  if(hlen && (hostname[hlen - 1] == '.'))
+    /* strip off any trailing dot */
+    --hlen;
+  if(!hlen)
+    /* no host name left */
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
+  sts = hsts_entry();
  if(!sts)
    return CURLE_OUT_OF_MEMORY;

-  duphost = strdup(hostname);
+  duphost = Curl_memdup(hostname, hlen + 1);
  if(!duphost) {
    free(sts);
    return CURLE_OUT_OF_MEMORY;
  }
-
-  hlen = strlen(duphost);
-  if(duphost[hlen - 1] == '.')
-    /* strip off trailing any dot */
-    duphost[--hlen] = 0;
+  duphost[hlen] = 0; /* might remove a dot */

  sts->host = duphost;
  sts->expires = expires;