Fix parsing of bad urls with #

http://google.com#@github.com parses incorrectly as github.com instead of google.com. Reported by Jesse Yang
valyala · Dec 11, 2024 · cd98551 · cd98551
1 parent f203307
commit cd98551
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 7 deletions.
diff --git a/fuzz_test.go b/fuzz_test.go
@@ -3,6 +3,8 @@ package fasthttp
 import (
 	"bufio"
 	"bytes"
+	"net/url"
+	"strings"
 	"testing"
 )
 
@@ -94,3 +96,35 @@ func FuzzURIUpdateBytes(f *testing.F) {
 		}
 	})
 }
+
+func FuzzURIParse(f *testing.F) {
+	f.Add(`http://foobar.com/aaa/bb?cc#dd`)
+	f.Add(`http://google.com?github.com`)
+	f.Add(`http://google.com#@github.com`)
+
+	f.Fuzz(func(t *testing.T, uri string) {
+		var u URI
+
+		uri = strings.ToLower(uri)
+
+		if !strings.HasPrefix(uri, "http://") && !strings.HasPrefix(uri, "https://") {
+			return
+		}
+
+		if u.Parse(nil, []byte(uri)) != nil {
+			return
+		}
+
+		nu, err := url.Parse(uri)
+		if err != nil {
+			return
+		}
+
+		if string(u.Host()) != nu.Host {
+			t.Fatalf("%q: unexpected host: %q. Expecting %q", uri, u.Host(), nu.Host)
+		}
+		if string(u.QueryString()) != nu.RawQuery {
+			t.Fatalf("%q: unexpected query string: %q. Expecting %q", uri, u.QueryString(), nu.RawQuery)
+		}
+	})
+}
diff --git a/uri.go b/uri.go
@@ -857,15 +857,16 @@ func splitHostURI(host, uri []byte) ([]byte, []byte, []byte) {
 	uri = uri[n:]
 	n = bytes.IndexByte(uri, '/')
 	nq := bytes.IndexByte(uri, '?')
-	if nq >= 0 && nq < n {
+	if nq >= 0 && (n < 0 || nq < n) {
 		// A hack for urls like foobar.com?a=b/xyz
 		n = nq
-	} else if n < 0 {
-		// A hack for bogus urls like foobar.com?a=b without
-		// slash after host.
-		if nq >= 0 {
-			return scheme, uri[:nq], uri[nq:]
-		}
+	}
+	nh := bytes.IndexByte(uri, '#')
+	if nh >= 0 && (n < 0 || nh < n) {
+		// A hack for urls like foobar.com#abc.com
+		n = nh
+	}
+	if n < 0 {
 		return scheme, uri, strSlash
 	}
 	return scheme, uri[:n], uri[n:]

diff --git a/uri_test.go b/uri_test.go
@@ -484,3 +484,17 @@ func TestNoOverwriteInput(t *testing.T) {
 		t.Errorf("%q", u.String())
 	}
 }
+
+func TestFragmentInHost(t *testing.T) {
+	url := "http://google.com#@github.com"
+	u := AcquireURI()
+	defer ReleaseURI(u)
+
+	if err := u.Parse(nil, []byte(url)); err != nil {
+		t.Fatal(err)
+	}
+
+	if got := string(u.Host()); got != "google.com" {
+		t.Fatalf("Unexpected host %q. Expected %q", got, "google.com")
+	}
+}