undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'md/url-parse-harden'

Browse Source 
The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.

* md/url-parse-harden:
  url: do not allow %00 to represent NUL in URLs
  url: do not read past end of buffer
This commit is contained in:
Junio C Hamano 2019-06-21 11:24:12 -07:00
commit f9089e8491
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
url.c
View File

@ -46,9 +46,9 @@ static char *url_decode_internal(const char **query, int len,
break; break;
} }
if (c == '%') { if (c == '%' && (len < 0 || len >= 3)) {
int val = hex2chr(q + 1); int val = hex2chr(q + 1);
if (0 <= val) { if (0 < val) {
strbuf_addch(out, val); strbuf_addch(out, val);
q += 3; q += 3;
len -= 3; len -= 3;