On Mon, 23 Sep 2019, Paul Dreik via curl-library wrote:
The decoded contents of the test data means this is what happens:
- set hostname to "A"
- set doh url to "pop3:/tA"
- start transferring
Ah, this a bug but a pretty harmless one:
The code:
https://github.com/curl/curl/blob/41db01a39f88d05f43344d0ea1d1b588b3441403/lib/doh.c#L261-L264
It disables the HTTPS-enforcement for debug-builds (meant to allow plain HTTP
as well for running tests and debug the protocol easier) - and the fuzzer
builds and uses debug builds. I'll change that to only allow HTTP + HTTPS in
the debug case.
PR coming up.
--
/ daniel.haxx.se | Get the best commercial curl support there is - from me
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
