summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2019-07-25 14:27:13 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2019-07-25 14:27:13 -0700
commitd7267d55ef03c5b496901e2addf2f0a5da0f9cc3 (patch)
treeea260d71d1d8f240d91e5c17b3684ed2cc1eaaf4
parentMerge branch 'an/ignore-doc-update' into maint (diff)
parenturl: do not allow %00 to represent NUL in URLs (diff)
downloadtgif-d7267d55ef03c5b496901e2addf2f0a5da0f9cc3.tar.xz
Merge branch 'md/url-parse-harden' into maint
The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * md/url-parse-harden: url: do not allow %00 to represent NUL in URLs url: do not read past end of buffer
-rw-r--r--url.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/url.c b/url.c
index 25576c390b..1b8ef78cea 100644
--- a/url.c
+++ b/url.c
@@ -46,9 +46,9 @@ static char *url_decode_internal(const char **query, int len,
break;
}
- if (c == '%') {
+ if (c == '%' && (len < 0 || len >= 3)) {
int val = hex2chr(q + 1);
- if (0 <= val) {
+ if (0 < val) {
strbuf_addch(out, val);
q += 3;
len -= 3;