diff options
| author |   jca <jca@openbsd.org> | 2015-02-27 17:38:19 +0000 |
|---|---|---|
| committer | jca <jca@openbsd.org> | 2015-02-27 17:38:19 +0000 |
| commit | 1e5dcc5b5c3d4f35661767ca2d6105ef5df9ba28 (patch) | |
| tree | a5c2c1a094a2ca73e676ff3d8f041d65e383f56c | |
| parent | When makewhatis(8) scans a tree, ignore trailing garbage on filenames. (diff) | |
| download | wireguard-openbsd-1e5dcc5b5c3d4f35661767ca2d6105ef5df9ba28.tar.xz wireguard-openbsd-1e5dcc5b5c3d4f35661767ca2d6105ef5df9ba28.zip | |
Fix URL-encoding of characters with the high order bit set.
Before/after:
127.0.0.1 - - [25/Feb/2015:09:39:24 +0100] "GET /h%ff%ffh%ff%ff.dat HTTP/1.0" 404 162 "-" "OpenBSD ftp"
127.0.0.1 - - [25/Feb/2015:09:39:27 +0100] "GET /h%c3%a9h%c3%a9.dat HTTP/1.0" 200 0 "-" "OpenBSD ftp"
Additionnally, avoid one case of undefined behaviour with ctype.h.
Input from guenther@, ok millert@
| -rw-r--r-- | usr.bin/ftp/fetch.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index 6cb9094e2a7..9e2fbd27b07 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.137 2015/01/16 06:40:08 deraadt Exp $ */ +/* $OpenBSD: fetch.c,v 1.138 2015/02/27 17:38:19 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -104,9 +104,10 @@ static int redirect_loop; * - Unsafe characters. */ static int -unsafe_char(const char *c) +unsafe_char(const char *c0) { const char *unsafe_chars = " <>\"#{}|\\^~[]`"; + const unsigned char *c = (const unsigned char *)c0; /* * No corresponding graphic US-ASCII. @@ -154,7 +155,8 @@ url_encode(const char *path) */ for (i = 0; i < length; i++) if (unsafe_char(path + i)) { - snprintf(epathp, 4, "%%" "%02x", path[i]); + snprintf(epathp, 4, "%%" "%02x", + (unsigned char)path[i]); epathp += 3; } else *(epathp++) = path[i]; |