Fix insufficient validation of the Uri authority component can lead to a panic when calling `host()` afterwards.

hyperium / http

Rust HTTP types

Apache License 2.0

1.12k stars 283 forks source link

Fix insufficient validation of the Uri authority component can lead to a panic when calling `host()` afterwards. #613

Closed f0rki closed 1 year ago

f0rki commented 1 year ago

Previously only the presence of both square brackets was checked, but not the order. This made ]o[ validate as a good uri authority. However, calling the Authority::host function then panics.

I also added a check for too many : chars in the authority.

82marbag commented 1 year ago

CI is failing, but the issue seems unrelated. @seanmonstar can you verify please?

seanmonstar commented 1 year ago

Oh, yea, seems like a dev-dependency is past our MSRV. I've filed #614 to only run cargo check.

seanmonstar commented 1 year ago

Ok, fixed that, if you want to rebase, it should be better here.