Merge branch 'jc/url-match'
While normalizing a URL, we forgot that the buffer that holds it could be relocated when it grows. This was a brown-paper-bag bug, introduced on 'master' after the 1.8.4 release, that can lead to a crash.

* jc/url-match:
  urlmatch.c: recompute pointer after append_normalized_escapes
commit
34e8d9982a
@ -281,9 +281,11 @@ char *url_normalize(const char *url, struct url_info *out_info)
|
|||||||
url_len--;
|
url_len--;
|
||||||
}
|
}
|
||||||
for (;;) {
|
for (;;) {
|
||||||
const char *seg_start = norm.buf + norm.len;
|
const char *seg_start;
|
||||||
|
size_t seg_start_off = norm.len;
|
||||||
const char *next_slash = url + strcspn(url, "/?#");
|
const char *next_slash = url + strcspn(url, "/?#");
|
||||||
int skip_add_slash = 0;
|
int skip_add_slash = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RFC 3689 indicates that any . or .. segments should be
|
* RFC 3689 indicates that any . or .. segments should be
|
||||||
* unescaped before being checked for.
|
* unescaped before being checked for.
|
||||||
@ -297,6 +299,8 @@ char *url_normalize(const char *url, struct url_info *out_info)
|
|||||||
strbuf_release(&norm);
|
strbuf_release(&norm);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
seg_start = norm.buf + seg_start_off;
|
||||||
if (!strcmp(seg_start, ".")) {
|
if (!strcmp(seg_start, ".")) {
|
||||||
/* ignore a . segment; be careful not to remove initial '/' */
|
/* ignore a . segment; be careful not to remove initial '/' */
|
||||||
if (seg_start == path_start + 1) {
|
if (seg_start == path_start + 1) {
|
||||||
|
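Review bot: `path_start`, in the context line `if (seg_start == path_start + 1) {`, is compared with the freshly recomputed `seg_start`, so it presumably also points into `norm.buf`. Its definition is outside the visible hunks; if it was captured as a raw pointer before the `append_normalized_escapes()` calls in this loop, it can go stale after a reallocation in the same way, and should likewise be kept as an offset or recomputed next to `seg_start`. The new line `seg_start = norm.buf + seg_start_off;` also deserves a comment such as `/* norm.buf may have been reallocated by the append above; keep offsets, not pointers, across appends */` so the reason for the offset survives later edits. The body of `url_normalize()` starts and ends outside these hunks.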