From c8dac4ba172c145dbdf924a5e309fe7539b3610e Mon Sep 17 00:00:00 2001

From: Daniel Gustafsson <daniel@yesql.se>

Date: Tue, 27 Feb 2024 15:43:56 +0100

Subject: [PATCH 1/2] setopt: Fix disabling all protocols

When disabling all protocols without enabling any, the resulting

set of allowed protocols remained the default set.  Clearing the

allowed set before inspecting the passed value from --proto make

the set empty even in the errorpath of no protocols enabled.

Co-authored-by: Dan Fandrich <dan@telarity.com>

Reported-by: Dan Fandrich <dan@telarity.com>

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Closes: #13004

(cherry picked from commit 17d302e56221f5040092db77d4f85086e8a20e0e)

Signed-off-by: Jan Macku <jamacku@redhat.com>

---

 lib/setopt.c            | 16 ++++++++--------

 tests/data/Makefile.inc |  2 +-

 tests/data/test1474     | 42 +++++++++++++++++++++++++++++++++++++++++

 3 files changed, 51 insertions(+), 9 deletions(-)

 create mode 100644 tests/data/test1474

diff --git a/lib/setopt.c b/lib/setopt.c

index a5270773f..3891eb679 100644

--- a/lib/setopt.c

+++ b/lib/setopt.c

@@ -155,6 +155,12 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)

 static CURLcode protocol2num(const char *str, curl_prot_t *val)

 {

+  /*

+   * We are asked to cherry-pick protocols, so play it safe and disallow all

+   * protocols to start with, and re-add the wanted ones back in.

+   */

+  *val = 0;

+

   if(!str)

     return CURLE_BAD_FUNCTION_ARGUMENT;

@@ -163,8 +169,6 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val)

     return CURLE_OK;

   }

-  *val = 0;

-

   do {

     const char *token = str;

     size_t tlen;

@@ -2657,22 +2661,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)

     break;

   case CURLOPT_PROTOCOLS_STR: {

-    curl_prot_t prot;

     argptr = va_arg(param, char *);

-    result = protocol2num(argptr, &prot;;

+    result = protocol2num(argptr, &data->set.allowed_protocols);

     if(result)

       return result;

-    data->set.allowed_protocols = prot;

     break;

   }

   case CURLOPT_REDIR_PROTOCOLS_STR: {

-    curl_prot_t prot;

     argptr = va_arg(param, char *);

-    result = protocol2num(argptr, &prot;;

+    result = protocol2num(argptr, &data->set.redir_protocols);

     if(result)

       return result;

-    data->set.redir_protocols = prot;

     break;

   }

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc

index cd393da75..011aa4607 100644

--- a/tests/data/Makefile.inc

+++ b/tests/data/Makefile.inc

@@ -186,7 +186,7 @@ test1439 test1440 test1441 test1442 test1443 test1444 test1445 test1446 \

 test1447 test1448 test1449 test1450 test1451 test1452 test1453 test1454 \

 test1455 test1456 test1457 test1458 test1459 test1460 test1461 test1462 \

 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test1470 \

-test1471 test1472 test1473          test1475 test1476 test1477 test1478 \

+test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 \

 \

 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \

 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \

diff --git a/tests/data/test1474 b/tests/data/test1474

new file mode 100644

index 000000000..c66fa2810

--- /dev/null

+++ b/tests/data/test1474

@@ -0,0 +1,42 @@

+<testcase>

+<info>

+<keywords>

+HTTP

+HTTP GET

+--proto

+</keywords>

+</info>

+

+#

+# Server-side

+<reply>

+<data>

+</data>

+</reply>

+

+#

+# Client-side

+<client>

+<server>

+none

+</server>

+<features>

+http

+</features>

+<name>

+--proto -all disables all protocols

+</name>

+<command>

+--proto -all http://%HOSTIP:%NOLISTENPORT/%TESTNUMBER

+</command>

+</client>

+

+#

+# Verify data after the test has been "shot"

+<verify>

+# 1 - Protocol "http" disabled

+<errorcode>

+1

+</errorcode>

+</verify>

+</testcase>

-- 

2.44.0