Fix buffer over-read in decode() - quark - quark web server | |
--- | |
commit 5ad0df91757fbc577ffceeca633725e962da345d | |
parent a982fa636704a436c3d1016b1f82806f607b7556 | |
Author: HushBugger <[email protected]> | |
Date: Tue, 16 Aug 2022 22:37:50 +0200 | |
Fix buffer over-read in decode() | |
The format specifier for parsing percent-formatted characters uses a | |
maximum number of digits, not an exact number of digits. | |
If the hex number has only one digit this will skip a character, | |
potentially pointing past the terminating null byte. | |
Diffstat: | |
M http.c | 10 ++++++---- | |
1 file changed, 6 insertions(+), 4 deletions(-) | |
--- | |
diff --git a/http.c b/http.c | |
@@ -135,12 +135,14 @@ decode(const char src[PATH_MAX], char dest[PATH_MAX]) | |
uint8_t n; | |
const char *s; | |
- for (s = src, i = 0; *s; s++, i++) { | |
- if (*s == '%' && (sscanf(s + 1, "%2hhx", &n) == 1)) { | |
+ for (s = src, i = 0; *s; i++) { | |
+ if (*s == '%' && isxdigit((unsigned char)s[1]) && | |
+ isxdigit((unsigned char)s[2])) { | |
+ sscanf(s + 1, "%2hhx", &n); | |
dest[i] = n; | |
- s += 2; | |
+ s += 3; | |
} else { | |
- dest[i] = *s; | |
+ dest[i] = *s++; | |
} | |
} | |
dest[i] = '\0'; |
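Review bot: The escape `%00` still passes both `isxdigit` checks, so `dest[i] = n;` can write a NUL into the middle of dest, and every later string operation then sees a path that ends there. Whether that is exploitable depends on how callers validate and use dest, which is outside this hunk, but the usual hardening is to refuse the escape. One option is to add `&& !(s[1] == '0' && s[2] == '0')` to the condition so `%00` is copied literally; the other is to have decode() report failure so the caller can reject the request. The unchecked `sscanf` is safe only because both characters were verified first, so a comment such as `/* both digits checked above, sscanf cannot fail */` would keep a later edit from breaking that coupling. decode()'s opening lines and the declaration of `i` are above the hunk.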