ooo#41037 Reject URLs containing unencoded NUL characters

Change-Id: I45bbd342734f190ce918b610441ca911a47830b4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153062 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
author: Stephan Bergmann <sbergman@redhat.com> 2023-06-14 16:05:54 +0200
committer: Stephan Bergmann <sbergman@redhat.com> 2023-06-15 09:01:18 +0200
commit: 977878814a3573627026e31edb8a51c8f30c8a0c (patch)
tree: 0990d170ac5c30614638e0322c8dca3332013d6b /ucb
parent: c183934835a6ab5e74643a671b65e9468592d216 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ucb/source/ucp/webdav-curl/CurlUri.cxx b/ucb/source/ucp/webdav-curl/CurlUri.cxx
index c5440423a2db..3ee218d5aca3 100644
--- a/ucb/source/ucp/webdav-curl/CurlUri.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlUri.cxx
@@ -115,6 +115,10 @@ CurlUri::CurlUri(::std::u16string_view const rURI)
     }
 
     // use curl to parse the URI, to get a consistent interpretation
+    if (rURI.find(u'\0') != std::u16string_view::npos)
+    {
+        throw DAVException(DAVException::DAV_INVALID_ARG);
+    }
     OString const utf8URI(OUStringToOString(rURI, RTL_TEXTENCODING_UTF8));
     auto uc = curl_url_set(m_pUrl.get(), CURLUPART_URL, utf8URI.getStr(), 0);
     if (uc != CURLUE_OK)
author	Stephan Bergmann <sbergman@redhat.com>	2023-06-14 16:05:54 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2023-06-15 09:01:18 +0200
commit	977878814a3573627026e31edb8a51c8f30c8a0c (patch)
tree	0990d170ac5c30614638e0322c8dca3332013d6b /ucb
parent	c183934835a6ab5e74643a671b65e9468592d216 (diff)