1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
https://github.com/curl/curl/issues/9842
https://github.com/curl/curl/commit/b1953c1933b369b1217ef0f16053e26da63488c3
From b1953c1933b369b1217ef0f16053e26da63488c3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 6 Nov 2022 23:19:51 +0100
Subject: [PATCH] noproxy: tailmatch like in 7.85.0 and earlier
A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
differently than before. This restores the logic to how it used to work:
All names listed in NO_PROXY are tailmatched against the used domain
name, if the lengths are identical it needs a full match.
Update the docs, update test 1614.
Reported-by: Stuart Henderson
Fixes #9842
Closes #9858
---
docs/libcurl/opts/CURLOPT_NOPROXY.3 | 4 ----
lib/noproxy.c | 32 +++++++++++++++--------------
tests/unit/unit1614.c | 3 ++-
3 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3
index 5e4c32130431..dc3cf7c10833 100644
--- a/docs/libcurl/opts/CURLOPT_NOPROXY.3
+++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3
@@ -40,10 +40,6 @@ list is matched as either a domain which contains the hostname, or the
hostname itself. For example, "ample.com" would match ample.com, ample.com:80,
and www.ample.com, but not www.example.com or ample.com.org.
-If the name in the \fInoproxy\fP list has a leading period, it is a domain
-match against the provided host name. This way ".example.com" will switch off
-proxy use for both "www.example.com" as well as for "foo.example.com".
-
Setting the \fInoproxy\fP string to "" (an empty string) will explicitly
enable the proxy for all host names, even if there is an environment variable
set for it.
diff --git a/lib/noproxy.c b/lib/noproxy.c
index 2832ae166a5b..fb856e4faa72 100644
--- a/lib/noproxy.c
+++ b/lib/noproxy.c
@@ -187,22 +187,24 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
tokenlen--;
if(tokenlen && (*token == '.')) {
- /* A: example.com matches '.example.com'
- B: www.example.com matches '.example.com'
- C: nonexample.com DOES NOT match '.example.com'
- */
- if((tokenlen - 1) == namelen)
- /* case A, exact match without leading dot */
- match = strncasecompare(token + 1, name, namelen);
- else if(tokenlen < namelen)
- /* case B, tailmatch with leading dot */
- match = strncasecompare(token, name + (namelen - tokenlen),
- tokenlen);
- /* case C passes through, not a match */
+ /* ignore leading token dot as well */
+ token++;
+ tokenlen--;
}
- else
- match = (tokenlen == namelen) &&
- strncasecompare(token, name, namelen);
+ /* A: example.com matches 'example.com'
+ B: www.example.com matches 'example.com'
+ C: nonexample.com DOES NOT match 'example.com'
+ */
+ if(tokenlen == namelen)
+ /* case A, exact match */
+ match = strncasecompare(token, name, namelen);
+ else if(tokenlen < namelen) {
+ /* case B, tailmatch domain */
+ match = (name[namelen - tokenlen - 1] == '.') &&
+ strncasecompare(token, name + (namelen - tokenlen),
+ tokenlen);
+ }
+ /* case C passes through, not a match */
break;
case TYPE_IPV4:
/* FALLTHROUGH */
|