Hello,
Next update, removed redundant if statement.
-Noah Sanci
On Fri, Aug 27, 2021 at 11:07 AM Noah Sanci <nsa...@redhat.com> wrote:
>
> Hello
>
> Update 2, no longer append nulls unnecessarily.
>
> -Noah Sanci
>
> On Fri, Aug 27, 2021 at 10:44 AM Noah Sanci <nsa...@redhat.com> wrote:
> >
> > Hello,
> >
> > Here is an updated patch, using memmove. Much smaller.
> >
> > Thanks for the suggestions,
> >
> > Noah Sanci
> >
> >
> > On Thu, Aug 26, 2021 at 5:02 PM Frank Ch. Eigler <f...@redhat.com> wrote:
> > >
> > > Hi -
> > >
> > > > /* PR28034 escape characters in completed url to %hh format.
> > > > */
> > > > - char *escaped_string;
> > > > - escaped_string = curl_easy_escape(data[i].handle, filename,
> > > > 0);
> > > > - if (!escaped_string)
> > > > + char escaped_string[PATH_MAX] = {'\0'};
> > > > + char *loc = (char *) filename;
> > > > + char *loc2;
> > > > + char *tmp;
> > > > + for(size_t j = 0; j < strlen(filename); ++j)
> > > > {
> > > > - rc = -ENOMEM;
> > > > - goto out2;
> > > > + loc2 = strstr(loc, "/");
> > > > + // If the first character is a '/'
> > > > [...]
> > >
> > > Holy cow that's a lot of work to do it this way.
> > > A couple of alternatives:
> > >
> > > - ditch curl_easy_escape :-( and use a
> > > malloc(strlen(x)*3)
> > > byte-by-byte copy from source string into destination
> > > if not [a-zA-Z0-9/.~] then %-escape
> > >
> > > or:
> > > - keep curl_easy_escape and postprocess
> > > byte-by-byte examine the result of curl_easy_escape
> > > - if seeing a "%2F", replace the % with a / and memmove the
> > > rest of the string 2 bytes ahead
> > >
> > > It shouldn't need strtok or strstr or a lot of logic or stuff like
> > > that really.
> > >
> > > - FChE
> > >
From a27c9a82546b040fbb8e5263003fd8fb33f1f1e0 Mon Sep 17 00:00:00 2001
From: Noah Sanci <nsa...@redhat.com>
Date: Fri, 16 Jul 2021 15:16:20 -0400
Subject: [PATCH] debuginfod: PR28034 - client-side %-escape url characters
When requesting some source files, some URL-inconvenient chars
sometimes pop up. Example from f33 libstdc++:
/buildid/44d8485cb75512c2ca5c8f70afbd475cae30af4f/source/usr/src/debug/
gcc-10.3.1-1.fc33.x86_64/obj-x86_64-redhat-linux/x86_64-redhat-linux/
libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/
condition_variable.cc
As this URL is passed into debuginfod's handler_cb, it appears that the
+ signs are helpfully unescaped to spaces by libmicrohttpd, which
'course breaks everything.
In order to ensure the server properly parses urls such as this one,
%-escape characters on the client side so that the correct url
is preserved and properly processed on the server side.
https://sourceware.org/bugzilla/show_bug.cgi?id=28034
Signed-off-by: Noah Sanci <nsa...@redhat.com>
---
debuginfod/debuginfod-client.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 7d4b220f..73960424 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -906,12 +906,20 @@ debuginfod_query_server (debuginfod_client *c,
/* PR28034 escape characters in completed url to %hh format. */
char *escaped_string;
escaped_string = curl_easy_escape(data[i].handle, filename, 0);
+ char *loc = escaped_string;
if (!escaped_string)
{
rc = -ENOMEM;
goto out2;
}
- snprintf(data[i].url, PATH_MAX, "%s/%s/%s/%s", server_url,
+
+ while( (loc = strstr(loc, "%2F")) )
+ {
+ loc[0] = '/';
+ // pull the string back after replacement
+ memmove(loc+1,loc+3,strlen(loc+3)+1);
+ }
+ snprintf(data[i].url, PATH_MAX, "%s/%s/%s%s", server_url,
build_id_bytes, type, escaped_string);
curl_free(escaped_string);
}
--
2.31.1
