author | Junio C Hamano <gitster@pobox.com> | 2019-07-25 14:27:13 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2019-07-25 14:27:13 -0700 |
commit | d7267d55ef03c5b496901e2addf2f0a5da0f9cc3 (patch) | |
tree | ea260d71d1d8f240d91e5c17b3684ed2cc1eaaf4 | |
parent | Merge branch 'an/ignore-doc-update' into maint (diff) | |
parent | url: do not allow %00 to represent NUL in URLs (diff) | |
download | tgif-d7267d55ef03c5b496901e2addf2f0a5da0f9cc3.tar.xz |
Merge branch 'md/url-parse-harden' into maint

The URL decoding code has been updated to avoid going past the end
of the string while parsing %-<hex>-<hex> sequence.

* md/url-parse-harden:
  url: do not allow %00 to represent NUL in URLs
  url: do not read past end of buffer

-rw-r--r-- | url.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -46,9 +46,9 @@ static char *url_decode_internal(const char **query, int len, break; } - if (c == '%') { + if (c == '%' && (len < 0 || len >= 3)) { int val = hex2chr(q + 1); - if (0 <= val) { + if (0 < val) { strbuf_addch(out, val); q += 3; len -= 3; |
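
Review bot: In the new condition `c == '%' && (len < 0 || len >= 3)`, the `len < 0` branch skips the bounds check entirely, and nothing in the visible lines says what a negative `len` means. If it denotes a NUL-terminated input of unknown length, a short comment saying so would help, together with a note that `hex2chr(q + 1)` must then stop at the terminator when the input ends in a bare `%` or `%X`. The change from `0 <= val` to `0 < val` also deserves a one-line comment stating that `%00` is deliberately left undecoded so that `strbuf_addch(out, val)` never appends a NUL byte. The literal 3 now appears in the guard as well as in `q += 3; len -= 3;`, so the two must be kept in step. A test covering a truncated escape at the end of a length-bounded buffer and a `%00` in the middle of a URL would pin both behaviours down.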