std.Uri: fix parsing edge case panic

hspak · web-flow · commit 994e191643f6 · 2023-11-22T07:40:30.000Z
diff --git a/lib/std/Uri.zig b/lib/std/Uri.zig
@@ -176,6 +176,11 @@ pub fn parseWithoutScheme(text: []const u8) ParseError!Uri {
 
         var end_of_host: usize = authority.len;
 
+        // if  we see `]` first without `@`
+        if (authority[start_of_host] == ']') {
+            return error.InvalidFormat;
+        }
+
         if (authority.len > start_of_host and authority[start_of_host] == '[') { // IPv6
             end_of_host = std.mem.lastIndexOf(u8, authority, "]") orelse return error.InvalidFormat;
             end_of_host += 1;
@@ -193,6 +198,7 @@ pub fn parseWithoutScheme(text: []const u8) ParseError!Uri {
             }
         }
 
+        if (start_of_host >= end_of_host) return error.InvalidFormat;
         uri.host = authority[start_of_host..end_of_host];
     }
 
@@ -780,3 +786,9 @@ test "format" {
     try uri.format(":/?#", .{}, buf.writer());
     try std.testing.expectEqualSlices(u8, "file:/foo/bar/baz", buf.items);
 }
+
+test "URI malformed input" {
+    try std.testing.expectError(error.InvalidFormat, std.Uri.parse("http://]["));
+    try std.testing.expectError(error.InvalidFormat, std.Uri.parse("http://]@["));
+    try std.testing.expectError(error.InvalidFormat, std.Uri.parse("http://lo]s\x85hc@[/8\x10?0Q"));
+}

Original file line number	Diff line number	Diff line change
`@@ -176,6 +176,11 @@ pub fn parseWithoutScheme(text: []const u8) ParseError!Uri {`
`176`	`176`
`177`	`177`	`var end_of_host: usize = authority.len;`
`178`	`178`
	`179`	+ // if we see `]` first without `@`
	`180`	`+ if (authority[start_of_host] == ']') {`
	`181`	`+ return error.InvalidFormat;`
	`182`	`+ }`
	`183`	`+`
`179`	`184`	`if (authority.len > start_of_host and authority[start_of_host] == '[') { // IPv6`
`180`	`185`	`end_of_host = std.mem.lastIndexOf(u8, authority, "]") orelse return error.InvalidFormat;`
`181`	`186`	`end_of_host += 1;`
`@@ -193,6 +198,7 @@ pub fn parseWithoutScheme(text: []const u8) ParseError!Uri {`
`193`	`198`	`}`
`194`	`199`	`}`
`195`	`200`
	`201`	`+ if (start_of_host >= end_of_host) return error.InvalidFormat;`
`196`	`202`	`uri.host = authority[start_of_host..end_of_host];`
`197`	`203`	`}`
`198`	`204`
`@@ -780,3 +786,9 @@ test "format" {`
`780`	`786`	`try uri.format(":/?#", .{}, buf.writer());`
`781`	`787`	`try std.testing.expectEqualSlices(u8, "file:/foo/bar/baz", buf.items);`
`782`	`788`	`}`
	`789`	`+`
	`790`	`+test "URI malformed input" {`
	`791`	`+ try std.testing.expectError(error.InvalidFormat, std.Uri.parse("http://]["));`
	`792`	`+ try std.testing.expectError(error.InvalidFormat, std.Uri.parse("http://]@["));`
	`793`	`+ try std.testing.expectError(error.InvalidFormat, std.Uri.parse("http://lo]s\x85hc@[/8\x10?0Q"));`
	`794`	`+}`