From cd4ed8530fa04fcbd54009e9db6ad9ea2518a10b Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Sun, 3 Mar 2013 15:03:57 +1300
Subject: Check that hosts in parse_url do not contain NULL bytes.

---
 netlib/http.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'netlib/http.py')

diff --git a/netlib/http.py b/netlib/http.py
index c864f1de..1b03d330 100644
--- a/netlib/http.py
+++ b/netlib/http.py
@@ -18,7 +18,7 @@ def parse_url(url):
 
         Checks that:
             port is an integer
-            host is a valid IDNA-encoded hostname
+            host is a valid IDNA-encoded hostname with no null-bytes
             path is valid ASCII
     """
     scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
@@ -43,6 +43,8 @@ def parse_url(url):
         host.decode("idna")
     except ValueError:
         return None
+    if "\0" in host:
+        return None
     try:
         path.decode("ascii")
     except ValueError:
-- 
cgit v1.2.3