Skip to content

Commit

Permalink
hsts: remove assert for zero length domain
Browse files Browse the repository at this point in the history 
A zero length domain can happen if the HSTS parser is given invalid
input data which is not unheard of and is done by the fuzzer.

Follow-up from cfe7902

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661

Closes curl#12676
  • Loading branch information
@bagder
bagder committed Jan 10, 2024
1 parent a9e128d commit 24ae4a0
Showing 1 changed file with 15 additions and 19 deletions.
34 changes: 15 additions & 19 deletions lib/hsts.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,8 +117,6 @@ static CURLcode hsts_create(struct hsts *h,
bool subdomains,
curl_off_t expires)
{
struct stsentry *sts;
char *duphost;
size_t hlen;
DEBUGASSERT(h);
DEBUGASSERT(hostname);
Expand All @@ -127,25 +125,23 @@ static CURLcode hsts_create(struct hsts *h,
if(hlen && (hostname[hlen - 1] == '.'))
/* strip off any trailing dot */
--hlen;
DEBUGASSERT(hlen);
if(!hlen)
/* no host name left */
return CURLE_BAD_FUNCTION_ARGUMENT;

sts = hsts_entry();
if(!sts)
return CURLE_OUT_OF_MEMORY;
if(hlen) {
char *duphost;
struct stsentry *sts = hsts_entry();
if(!sts)
return CURLE_OUT_OF_MEMORY;

duphost = Curl_memdup0(hostname, hlen);
if(!duphost) {
free(sts);
return CURLE_OUT_OF_MEMORY;
}

duphost = Curl_memdup0(hostname, hlen);
if(!duphost) {
free(sts);
return CURLE_OUT_OF_MEMORY;
sts->host = duphost;
sts->expires = expires;
sts->includeSubDomains = subdomains;
Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
}

sts->host = duphost;
sts->expires = expires;
sts->includeSubDomains = subdomains;
Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
return CURLE_OK;
}

Expand Down

0 comments on commit 24ae4a0

Please sign in to comment.