
Merge branch 'md/url-parse-harden' into maint

The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.

* md/url-parse-harden:
  url: do not allow %00 to represent NUL in URLs
  url: do not read past end of buffer
maint
Junio C Hamano 6 years ago
parent commit d7267d55ef
1 changed file
  url.c (4)

@ -46,9 +46,9 @@ static char *url_decode_internal(const char **query, int len,
break; break;
} }


if (c == '%') { if (c == '%' && (len < 0 || len >= 3)) {
int val = hex2chr(q + 1); int val = hex2chr(q + 1);
if (0 <= val) { if (0 < val) {
strbuf_addch(out, val); strbuf_addch(out, val);
q += 3; q += 3;
len -= 3; len -= 3;
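Review bot: the two behavioural changes in this hunk, the new `(len < 0 || len >= 3)` guard on the `%` branch and the tightening of `if (0 <= val)` to `if (0 < val)`, both deserve a code comment, because neither is self-explanatory when read later. The guard ensures that `hex2chr(q + 1)` only reads `q[1]` and `q[2]` when at least three bytes remain in a length-bounded input (the `len < 0` case is the NUL-terminated mode, which still relies on `hex2chr()` returning a negative value when it reaches a non-hex byte such as the terminating NUL; that assumption is worth stating explicitly). The change from `0 <= val` to `0 < val` rejects `%00` so that a decoded NUL cannot truncate the resulting C string; since a one-character condition change is easy to "fix back" in a future cleanup, a short comment above the `if`, e.g. `/* need %XX fully in range; reject %00, a NUL cannot be represented */`, would protect it.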
