Add yet another bypass attack that runs into the url DoS issue

Byron · Byron · commit 6aa63b19338d · 2023-10-05T15:27:09.000+02:00
diff --git a/gix-url/src/parse.rs b/gix-url/src/parse.rs
@@ -89,7 +89,7 @@ pub(crate) fn url(input: &BStr, protocol_end: usize) -> Result<crate::Url, Error
         .skip_while(|b| **b == b'/')
         .position(|b| *b == b'/')
         .unwrap_or(input.len() - protocol_end);
-    if bytes_to_path > MAX_LEN {
+    if bytes_to_path > MAX_LEN || protocol_end > MAX_LEN {
         return Err(Error::TooLong {
             truncated_url: input[..(protocol_end + "://".len() + MAX_LEN).min(input.len())].into(),
             len: input.len(),
diff --git a/gix-url/tests/fixtures/fuzzed/very-long3.url b/gix-url/tests/fixtures/fuzzed/very-long3.url
diff --git a/gix-url/tests/parse/mod.rs b/gix-url/tests/parse/mod.rs
@@ -139,7 +139,7 @@ mod unknown {
 
 #[test]
 fn fuzzed() {
-    for name in ["very-long", "very-long2"] {
+    for name in ["very-long", "very-long2", "very-long3"] {
         let base = Path::new("tests").join("fixtures").join("fuzzed");
         let location = base.join(Path::new(name).with_extension("url"));
         let url = std::fs::read(&location).unwrap();
