From 9e6ddb14a7ba06efd452d2700ea22b9a1ff42818 Mon Sep 17 00:00:00 2001
From: levlam
Date: Sun, 1 Jul 2018 02:29:36 +0300
Subject: [PATCH] Fix host validation in parse_url.
GitOrigin-RevId: abce3f846d5d47949478da8353b2eb469635c404
---
 tdutils/td/utils/HttpUrl.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tdutils/td/utils/HttpUrl.cpp b/tdutils/td/utils/HttpUrl.cpp
index d30913db1..74d7c4164 100644
--- a/tdutils/td/utils/HttpUrl.cpp
+++ b/tdutils/td/utils/HttpUrl.cpp
@@ -130,6 +130,13 @@ Result parse_url(MutableSlice url, HttpUrl::Protocol default_protocol)
 string host_str = to_lower(host);
 for (size_t i = 0; i < host_str.size(); i++) {
 char c = host_str[i];
+ if (is_ipv6) {
+ if (c == ':' || ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || c == '.') {
+ continue;
+ }
+ return Status::Error("Wrong IPv6 URL host");
+ }
+
 if (('a' <= c && c <= 'z') || c == '.' || ('0' <= c && c <= '9') || c == '-' || c == '_' || c == '!' || c == '$' || c == ',' || c == '~' || c == '*' || c == '\'' || c == '(' || c == ')' || c == ';' || c == '&' || c == '+' || c == '=') {
@@ -145,7 +152,9 @@ Result parse_url(MutableSlice url, HttpUrl::Protocol default_protocol)
 continue;
 }
 }
+ return Status::Error("Wrong percent-encoded symbol in URL host");
 }
+
 // all other symbols aren't allowed
 unsigned char uc = static_cast(c);
 if (uc >= 128) {
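Review bot: The new `is_ipv6` branch in the first hunk is a character whitelist only (`:`, `.`, `0-9`, `a-f`), so a host made of nothing but colons or dots still passes; nothing visible here checks that the string is a well-formed IPv6 literal. Because `.` is accepted, IPv4-embedded spellings (constructed example: `::ffff:192.0.2.1`) get through as well, so any later allow-list or deny-list decision on the host should compare a canonicalised address, not this string. I would either pass the host to a real parser such as `inet_pton(AF_INET6, ...)` once the loop finishes, or at minimum state the limit in a comment like `// character whitelist only; does not prove host_str is a well-formed IPv6 literal`. `is_ipv6` is set outside the hunk and the loop body of parse_url continues past it, so whether an empty bracketed host is rejected before this loop should be confirmed there. The commit touches only HttpUrl.cpp, so neither this branch nor the `Wrong percent-encoded symbol in URL host` return added in the second hunk appears to be covered by a regression test.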