Merge branch 'jc/url-match'
While normalizing a URL, we forgot that the buffer that holds it could be relocated when it grows, which was a brown-paper-bag bug that can lead to a crash introduced on 'master' post 1.8.4 release. * jc/url-match: urlmatch.c: recompute pointer after append_normalized_escapes
This commit is contained in:
commit
34e8d9982a
@ -281,9 +281,11 @@ char *url_normalize(const char *url, struct url_info *out_info)
|
||||
url_len--;
|
||||
}
|
||||
for (;;) {
|
||||
const char *seg_start = norm.buf + norm.len;
|
||||
const char *seg_start;
|
||||
size_t seg_start_off = norm.len;
|
||||
const char *next_slash = url + strcspn(url, "/?#");
|
||||
int skip_add_slash = 0;
|
||||
|
||||
/*
|
||||
* RFC 3689 indicates that any . or .. segments should be
|
||||
* unescaped before being checked for.
|
||||
@ -297,6 +299,8 @@ char *url_normalize(const char *url, struct url_info *out_info)
|
||||
strbuf_release(&norm);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
seg_start = norm.buf + seg_start_off;
|
||||
if (!strcmp(seg_start, ".")) {
|
||||
/* ignore a . segment; be careful not to remove initial '/' */
|
||||
if (seg_start == path_start + 1) {
|
||||
|
Loading…
Reference in New Issue
Block a user