parse_proxy: reject illegal port numbers

If the port number in the proxy string ended weirdly or the number is
too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
numerical address is used without enclosing brackets.

Also mention the bracket requirement for IPv6 numerical addresses to the
man page for CURLOPT_PROXY.

Closes #415

Reported-by: Marcel Raad
This commit is contained in:
Daniel Stenberg
2015-09-08 13:42:48 +02:00
parent 27620171ff
commit 87e533ace0
2 changed files with 18 additions and 4 deletions

View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -29,8 +29,8 @@ CURLOPT_PROXY \- set proxy to use
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY, char *proxy);
.SH DESCRIPTION
Set the \fIproxy\fP to use for the upcoming request. The parameter should be a
char * to a zero terminated string holding the host name or dotted IP
address.
char * to a zero terminated string holding the host name or dotted numerical
IP address. A numerical IPv6 address must be written within [brackets].
To specify port number in this string, append :[port] to the end of the host
name. The proxy's port number may optionally be specified with the separate