search

hyperium / http

Rust HTTP types
Apache License 2.0
1.15k stars 285 forks source link

Unexpected panic for malformed URI with brackets #435

Closed algesten closed 3 years ago

algesten commented 4 years ago

Doing some fuzzing I encountered this:

    let uri = "http://[]@[";
    let uri = uri.parse::<http::Uri>().unwrap(); // is ok
    uri.host(); // panics

The panic is parsing should validate brackets and come from here: https://github.com/hyperium/http/blob/v0.2.1/src/uri/authority.rs#L486

I expect this to surface as an Err and panic on .unwrap().

seanmonstar commented 4 years ago

Yep, this looks wrong. Thanks for reporting!