Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doh: respect timeout and restrict debug builds to http and https #4406

Closed
wants to merge 2 commits into from

Conversation

pauldreik
Copy link
Contributor

doh did not time out properly. This change makes it return early with CURLE_OPERATION_TIMEDOUT.

In debug builds, doh could be configured to use any protocol, which lead to it trying to do doh over pop3 when the http fuzzer was running. It is now restricted to http and https.

Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.
@bagder bagder closed this in bb74201 Sep 23, 2019
bagder pushed a commit that referenced this pull request Sep 23, 2019
Otherwise curl may be told to use for instance pop3 to
communicate with the doh server, which most likely
is not what you want.

Found through fuzzing.

Closes #4406
@bagder
Copy link
Member

bagder commented Sep 23, 2019

Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants