Merge branch 'md/url-parse-harden'
author Junio C Hamano <gitster@pobox.com> Fri, 21 Jun 2019 18:24:12 +0000 (11:24 -0700)
committer Junio C Hamano <gitster@pobox.com> Fri, 21 Jun 2019 18:24:12 +0000 (11:24 -0700)
The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.
* md/url-parse-harden:
url: do not allow %00 to represent NUL in URLs
url: do not read past end of buffer
url.c (from parent 1: e694ea5)
diff --git
a/url.c
b/url.c
index 25576c390baa79cb0a203d7f682e8f3442f91a60..1b8ef78ceab03784ad48f8411b20669e2ea1ea1f 100644
(file)
--- a/
url.c
+++ b/
url.c
@@
-46,9
+46,9
@@
static char *url_decode_internal(const char **query, int len,
break;
}
- if (c == '%') {
+ if (c == '%'
&& (len < 0 || len >= 3)
) {
int val = hex2chr(q + 1);
- if (0 <
=
val) {
+ if (0 < val) {
strbuf_addch(out, val);
q += 3;
len -= 3;
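Review bot: The new `0 < val` test in url_decode_internal() handles a failed hex2chr() (negative) and a decoded %00 (zero) identically, and nothing in the code says the zero case is intentional. It differs from the old `0 <= val` by a single character, so it is easy to revert by accident; a one-line comment above it stating that %00 is rejected on purpose would protect it. In the first changed line, the `len < 0` arm of `(len < 0 || len >= 3)` still passes `q + 1` to hex2chr() with no bound, so it depends on the input being terminated and on hex2chr() stopping at the terminator; that assumption deserves a comment as well. Tests with inputs ending in a bare `%`, in `%4`, and containing `%00` would pin down both changes.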