Add fuzzing assert to fuzz against CVE-2017-1000117

nathaniel-brough · nathaniel-brough · commit 8d4f9d735934 · 2023-12-23T17:34:25.000-08:00
diff --git a/gix-url/fuzz/fuzz_targets/parse.rs b/gix-url/fuzz/fuzz_targets/parse.rs
@@ -9,7 +9,11 @@ fn fuzz(data: &[u8]) -> Result<()> {
     _ = black_box(url.user());
     _ = black_box(url.password());
     _ = black_box(url.password());
-    _ = black_box(url.host_argument_safe());
+    if let Some(safe_host) = black_box(url.host_argument_safe()) {
+        // Ensure malicious host paths can't be returned see;
+        // https://secure.phabricator.com/T12961
+        assert!(!safe_host.starts_with("ssh://-"));
+    }
     _ = black_box(url.path_argument_safe());
     _ = black_box(url.path_is_root());
     _ = black_box(url.port_or_default());
