Module Name: src
Committed By: mrg
Date: Sat Mar 9 21:36:04 UTC 2013
Modified Files:
src/libexec/httpd: bozohttpd.c
Log Message:
fix PR 47629, using a slightly different patch to the one in the PR.
this modifies escape_rfc3986() to escape '%' itself, and to properly
track the buffer size and nul out the final byte, not some random
byte that may actually be unmapped.
To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.32 src/libexec/httpd/bozohttpd.c:1.33
--- src/libexec/httpd/bozohttpd.c:1.32 Thu Jul 19 09:53:06 2012
+++ src/libexec/httpd/bozohttpd.c Sat Mar 9 21:36:04 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.32 2012/07/19 09:53:06 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.33 2013/03/09 21:36:04 mrg Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -871,7 +871,7 @@ escape_rfc3986(bozohttpd_t *httpd, const
return buf;
}
- for (s = url, d = buf; *s;) {
+ for (len = 0, s = url, d = buf; *s;) {
if (*s & 0x80)
goto encode_it;
switch (*s) {
@@ -893,13 +893,16 @@ escape_rfc3986(bozohttpd_t *httpd, const
case ',':
case ';':
case '=':
+ case '%':
encode_it:
snprintf(d, 4, "%%%2X", *s++);
d += 3;
len += 3;
+ break;
default:
*d++ = *s++;
len++;
+ break;
}
}
buf[len] = 0;
