On Fri, Sep 26, 2014 at 08:12:37PM -0500, Salz, Rich wrote:
> > You're doing "HTML-entity" decoding here. URL decoding uses only the
> > "%xx" stuff. See RFC3986.
> >
> > + else if (*p != '%')
> > + *out++ = *p;
>
> Yes, I was treating it as an HTML form, not just a strict URI encoding.
Decoding "+" as a space applies only in the query part of the URL,
in the base URI, "+" is a literal. Do doing this right requires
a more sophisticated parser.
My incomplete memory of URL syntax is:
http://[user[:pass]@]host[:port/path1/path2/.../pathN[?param1=value1[&...]][#anchor]
with various required encodings to prevent ambiguity that are
context dependent! Parsing URLs correctly requires a bit of care.
Are we trying to extract form data from the URL? What is the goal
here?
> > + /* URL decode? Really shouldn't be needed. */
> > + if (strchr(p, '+') != NULL && strchr(p, '%') != NULL)
> > + p = urldecode(p);
>
> The comment was misleading and the second test isn't needed (and the && was
> wrong). So:
> /* URL decode? Might not be needed, so check first. */
> if (strchr(p, '%') != NULL)
> p = urldecode(p);
The decoder does not correctly NUL terminate "p" when it shrinks
by replacing '%xx' with the corresponding octet.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
