authortb <tb@openbsd.org>2021-03-18 15:40:45 +0000
committertb <tb@openbsd.org>2021-03-18 15:40:45 +0000
commitcf09f54743c62d225649013fd3e338a48a2414ee (patch)
treea2feec56373490d10710741f460aaa13cfaf33d1
parentFix SIOCDELLABEL/"ifconfig mpe0 -mplslabel" to unset label completely (diff)
Avoid NULL access in http_parse_uri()
A malformed URI such as "https://[::1/index.html" causes a NULL access in the hosttail[1] == ":" check. ok claudio
-rw-r--r--usr.sbin/rpki-client/http.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/rpki-client/http.c b/usr.sbin/rpki-client/http.c
index 6746990e11a..987792eb0bc 100644
--- a/usr.sbin/rpki-client/http.c
+++ b/usr.sbin/rpki-client/http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http.c,v 1.6 2021/03/18 14:08:01 claudio Exp $ */
+/* $OpenBSD: http.c,v 1.7 2021/03/18 15:40:45 tb Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.com>
@@ -357,8 +357,11 @@ http_parse_uri(char *uri, char **ohost, char **oport, char **opath)
}
if (*host == '[') {
char *scope;
- if ((hosttail = memrchr(host, ']', path - host)) != NULL &&
- (hosttail[1] == '/' || hosttail[1] == ':'))
+ if ((hosttail = memrchr(host, ']', path - host)) == NULL) {
+ warnx("%s: unmatched opening bracket", http_info(uri));
+ return -1;
+ }
+ if (hosttail[1] == '/' || hosttail[1] == ':')
host++;
if (hosttail[1] == ':')
port = hosttail + 1;
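Review bot: In the bracketed-host branch, a `]` followed by anything other than `/` or `:` (constructed example: `https://[::1]x/index.html`) passes both `hosttail[1]` tests without an error, so `host` still points at the `[` when control leaves the visible lines. The new code rejects only the missing-bracket case; since this parser is evidently expected to cope with malformed URIs, it would be safer to fail closed here as well by adding an `else` to the `host++` test, along the lines of `else { warnx("%s: unexpected character after closing bracket", http_info(uri)); return -1; }`. The body of http_parse_uri() continues outside the hunk, so a later check may already catch this; if it does, a short comment at the `host++` line saying so would help the next reader.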