reject %00

Omar Polo 2020-12-26 00:37:43 +01:00
parent df6ca41da3
commit 00781742c5
No known key found for this signature in database
GPG Key ID: 35F98C96A1786F0D
3 changed files with 19 additions and 0 deletions


@ -220,3 +220,6 @@ since it's relative to the document root.
* a %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC3986-compliant.
* a %00 sequence either in the path or in the query part is treated as
invalid character and thus rejected.

3
gmid.1

@ -192,4 +192,7 @@ completely ignored.
.It
a %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC3986-compliant.
.It
a %00 sequence either in the path or in the query part is treated as
invalid character and thus rejected.
.El

13
uri.c

@ -172,6 +172,10 @@ parse_pct_encoded(struct parser *p)
sscanf(p->uri+1, "%2hhx", p->uri);
memmove(p->uri+1, p->uri+3, strlen(p->uri+3)+1);
if (*p->uri == '\0') {
p->err = "illegal percent-encoding";
return 0;
}
return 1;
}
@ -252,6 +256,9 @@ parse_authority(struct parser *p)
|| parse_pct_encoded(p))
p->uri++;
if (p->err != NULL)
return 0;
if (*p->uri == ':') {
*p->uri = '\0';
p->uri++;
@ -356,6 +363,9 @@ parse_query(struct parser *p)
|| valid_multibyte_utf8(p))
p->uri++;
if (p->err != NULL)
return 0;
if (*p->uri != '\0' && *p->uri != '#') {
p->err = "illegal character in query";
return 0;
@ -397,6 +407,9 @@ parse_path(struct parser *p)
|| valid_multibyte_utf8(p))
p->uri++;
if (p->err != NULL)
return 0;
if (*p->uri != '\0' && *p->uri != '?' && *p->uri != '#') {
p->err = "illegal character in path";
return 0;
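Review bot: The new NUL check in parse_pct_encoded signals rejection by setting `p->err` and returning 0, and 0 is also what the `||` chains in parse_authority, parse_query and parse_path read as "not a percent escape", so the rejection only takes effect where the caller tests `p->err` after its scan loop. The three later hunks add that test, but any other caller of parse_pct_encoded outside these hunks (none is visible here) would presumably still take the decoded NUL as the end of the URI and silently truncate it. A comment on the function such as `/* returns 0 with p->err set on a rejected escape (including %00); callers must test p->err after the scan loop */` would keep that contract from being missed. The check also runs after the in-place `sscanf`/`memmove` decode, so the buffer is already cut short on the error path; if the URI is logged after a failure, comparing the two hex digits before decoding would leave it intact. The documentation hunks mention only the path and query, while the parse_authority hunk applies the same rejection there too, and all four functions begin or end outside their hunks.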