2
0
mirror of https://github.com/curl/curl.git synced 2025-03-31 16:00:35 +08:00

hsts: skip single-dot hostname

Reported-by: Maksymilian Arciemowicz

Closes 
This commit is contained in:
Daniel Stenberg 2023-11-02 10:52:46 +01:00
parent ddb95c155e
commit 8c058a820a
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

@ -40,6 +40,7 @@
#include "fopen.h"
#include "rename.h"
#include "share.h"
#include "strdup.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@ -116,22 +117,30 @@ static CURLcode hsts_create(struct hsts *h,
bool subdomains,
curl_off_t expires)
{
struct stsentry *sts = hsts_entry();
struct stsentry *sts;
char *duphost;
size_t hlen;
DEBUGASSERT(h);
DEBUGASSERT(hostname);
hlen = strlen(hostname);
if(hlen && (hostname[hlen - 1] == '.'))
/* strip off any trailing dot */
--hlen;
if(!hlen)
/* no host name left */
return CURLE_BAD_FUNCTION_ARGUMENT;
sts = hsts_entry();
if(!sts)
return CURLE_OUT_OF_MEMORY;
duphost = strdup(hostname);
duphost = Curl_memdup(hostname, hlen + 1);
if(!duphost) {
free(sts);
return CURLE_OUT_OF_MEMORY;
}
hlen = strlen(duphost);
if(duphost[hlen - 1] == '.')
/* strip off trailing any dot */
duphost[--hlen] = 0;
duphost[hlen] = 0; /* might remove a dot */
sts->host = duphost;
sts->expires = expires;