system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-23 03:06:48 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

libfetch: disallow invalid escape sequences

Browse source 
Per RFC1738 escape is "% hex hex"; other sequences do not form a valid URL.

Suggested by:	Matthew Dillon
Reviewed by:	Matthew Dillon
MFC after:	1 week
This commit is contained in:
Ed Maste 2020-02-05 16:55:00 +00:00
parent 690a8a6acd
commit 83372bda16
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=357579
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/libfetch/fetch.c
View file

@ -327,6 +327,9 @@ fetch_pctdecode(char *dst, const char *src, size_t dlen)
(d2 = fetch_hexval(s[2])) >= 0 && (d1 > 0 || d2 > 0)) {
c = d1 << 4 | d2;
s += 2;
} else if (s[0] == '%') {
/* Invalid escape sequence. */
return (NULL);
} else {
c = *s;
}