From 851893a3f299da9eeb0ef3c745be1f30164fd6cf Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Fri, 15 Jan 2021 17:49:10 +0100
Subject: [PATCH] Do not accept domains such as [hello

---
 src/web/web_server.rs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/web/web_server.rs b/src/web/web_server.rs
index aab7e8de..24d111a9 100644
--- a/src/web/web_server.rs
+++ b/src/web/web_server.rs
@@ -124,7 +124,12 @@ fn authority_to_host(authority: &str) -> Result<&str, Error> {
 			let mut iter = iter.skip_while(|(_, c)| c != &']');
 			match iter.next() {
 				Some((_, ']')) => iter.next(),
-				_ => None,
+				_ => {
+					return Err(Error::BadRequest(format!(
+						"Authority {} has an illegal format",
+						authority
+					)))
+				}
 			}
 		}
 		_ => iter.skip_while(|(_, c)| c != &':').next(),
@@ -213,10 +218,8 @@ mod tests {
 		assert_eq!(domain2, "garage.tld");
 		let domain3 = authority_to_host("127.0.0.1")?;
 		assert_eq!(domain3, "127.0.0.1");
-		let domain4 = authority_to_host("[")?;
-		assert_eq!(domain4, "[");
-		let domain5 = authority_to_host("[hello")?;
-		assert_eq!(domain5, "[hello");
+		assert!(authority_to_host("[").is_err());
+		assert!(authority_to_host("[hello").is_err());
 		Ok(())
 	}