Commit 33544336cb for openssl.org

commit 33544336cbfbf107a205521e0a63fa621ed2776d
Author: Dr. David von Oheimb <dev@ddvo.net>
Date:   Wed Apr 8 08:27:35 2026 +0200

    http_lib.c: add check that host_end is not past authority_end

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Wed Jun 10 06:27:03 2026
    (Merged from https://github.com/openssl/openssl/pull/27357)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index ab3142a32d..0c394a2d9a 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -110,7 +110,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
     /* parse hostname/address as far as needed here */
     if (host[0] == '[') {
         /* IPv6 literal, which may include ':' */
-        host_end = strchr(host + 1, ']');
+        host_end = memchr(host + 1, ']', authority_end - host - 1);
         if (host_end == NULL)
             goto parse_err;
         p = ++host_end;
diff --git a/test/http_test.c b/test/http_test.c
index 6879f8b664..52182fd7b4 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -287,6 +287,8 @@ err:
     return res;
 }

+static int test_http_url_invalid(const char *url);
+
 static int test_http_url_frag_ok(const char *url, int exp_ssl, const char *exp_host,
     const char *exp_port, const char *exp_path, const char *exp_frag)
 {
@@ -398,7 +400,8 @@ static int test_http_url_ipv4(void)

 static int test_http_url_ipv6(void)
 {
-    return test_http_url_ok("http://[FF01::101]:6", 0, "[FF01::101]", "6", "/");
+    return test_http_url_ok("http://[FF01::101]:6", 0, "[FF01::101]", "6", "/")
+        && test_http_url_invalid("http://[FF01::101/path]");
 }

 static int test_http_url_invalid(const char *url)