svn commit: r358750 - stable/12/lib/libfetch
Ed Maste
emaste at FreeBSD.org
Sun Mar 8 18:08:47 UTC 2020
Author: emaste
Date: Sun Mar 8 18:08:45 2020
New Revision: 358750
URL: https://svnweb.freebsd.org/changeset/base/358750
Log:
MFC r357579: libfetch: disallow invalid escape sequences
Per RFC1738 escape is "% hex hex"; other sequences do not form a valid URL.
Suggested by: Matthew Dillon
Reviewed by: Matthew Dillon
Sponsored by: The FreeBSD Foundation
Modified:
stable/12/lib/libfetch/fetch.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/lib/libfetch/fetch.c
==============================================================================
--- stable/12/lib/libfetch/fetch.c Sun Mar 8 18:07:33 2020 (r358749)
+++ stable/12/lib/libfetch/fetch.c Sun Mar 8 18:08:45 2020 (r358750)
@@ -325,6 +325,9 @@ fetch_pctdecode(char *dst, const char *src, size_t dle
(d2 = fetch_hexval(s[2])) >= 0 && (d1 > 0 || d2 > 0)) {
c = d1 << 4 | d2;
s += 2;
+ } else if (s[0] == '%') {
+ /* Invalid escape sequence. */
+ return (NULL);
} else {
c = *s;
}
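Review bot: the new "else if (s[0] == '%')" branch also catches %00, not only malformed escapes, because the condition above it requires (d1 > 0 || d2 > 0); a well-formed "% hex hex" sequence that decodes to NUL therefore returns NULL under a comment that says only "Invalid escape sequence." Rejecting an encoded NUL is a reasonable outcome for a C-string decoder, but the comment should state it, for example /* Invalid escape sequence, or %00. */, so the next reader does not "fix" it. Input with a stray '%' was previously copied through literally by the final else and now makes the function return NULL; the callers are not in this hunk, so confirm each one checks the return value of fetch_pctdecode() before using dst.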