noproxy: also match with adjacent comma

If the host name is an IP address and the noproxy string contained that IP address with a following comma, it would erroneously not match. Extended test 1614 to verify this combo as well. Reported-by: Henning Schild Fixes #9813 Closes #9814
2024-11-27 05:50:21 +08:00 · 2022-10-27 13:54:27 +02:00 · 2022-10-27 13:54:27 +02:00 · efc286b7a6
commit efc286b7a6
parent fc8d6b2370
3 changed files with 27 additions and 9 deletions
--- a/lib/noproxy.c
+++ b/lib/noproxy.c
@ -192,18 +192,22 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
          /* FALLTHROUGH */
        case TYPE_IPV6: {
          const char *check = token;
-          char *slash = strchr(check, '/');
+          char *slash;
          unsigned int bits = 0;
          char checkip[128];
+          if(tokenlen >= sizeof(checkip))
+            /* this cannot match */
+            break;
+          /* copy the check name to a temp buffer */
+          memcpy(checkip, check, tokenlen);
+          checkip[tokenlen] = 0;
+          check = checkip;
+
+          slash = strchr(check, '/');
          /* if the slash is part of this token, use it */
-          if(slash && (slash < &check[tokenlen])) {
+          if(slash) {
            bits = atoi(slash + 1);
-            /* copy the check name to a temp buffer */
-            if(tokenlen >= sizeof(checkip))
-              break;
-            memcpy(checkip, check, tokenlen);
-            checkip[ slash - check ] = 0;
-            check = checkip;
+            *slash = 0; /* null terminate there */
          }
          if(type == TYPE_IPV6)
            match = Curl_cidr6_match(name, check, bits);
--- a/tests/data/test1614
+++ b/tests/data/test1614
@ -16,7 +16,7 @@ unittest
 proxy
 </features>
 <name>
-cidr comparisons
+noproxy and cidr comparisons
 </name>
 </client>
 <errorcode>
--- a/tests/unit/unit1614.c
+++ b/tests/unit/unit1614.c
@ -77,6 +77,20 @@ UNITTEST_START
    { NULL, NULL, 0, FALSE} /* end marker */
  };
  struct noproxy list[]= {
+    { "127.0.0.1", "127.0.0.1,localhost", TRUE},
+    { "127.0.0.1", "127.0.0.1,localhost,", TRUE},
+    { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE},
+    { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE},
+    { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE},
+    { "127.0.0.1", "localhost,127.0.0.1", TRUE},
+    { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
+      "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
+      "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE},
+    { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
+      "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
+      "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE},
+    { "localhost", "localhost,127.0.0.1", TRUE},
+    { "localhost", "127.0.0.1,localhost", TRUE},
    { "foobar", "barfoo", FALSE},
    { "foobar", "foobar", TRUE},
    { "192.168.0.1", "foobar", FALSE},