diff options
| author | Matthew DeVore <matvore@google.com> | 2019-06-04 10:57:05 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2019-06-04 14:48:25 -0700 |
| commit | d37dc239a427a367427f9c4fdf12a148ad811968 (patch) | |
| tree | 1bb79a242be4a4ffd8361a8b98eed573b2eb66ad /url.c | |
| parent | 3f6b8a6177f3197ddad82a6da2ff9b4704664f5d (diff) | |
url: do not allow %00 to represent NUL in URLs
There is no reason to allow %00 to terminate a string, so do not allow it. Otherwise, we end up returning arbitrary content in the string (that which is after the %00) which is effectively hidden from callers and can escape sanity checks and validation, and possible be used in tandem with a security vulnerability to introduce a payload. Helped-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Matthew DeVore <matvore@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'url.c')
| -rw-r--r-- | url.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/url.c b/url.c index 9ea9d5611b..1b8ef78cea 100644 --- a/url.c +++ b/url.c @@ -48,7 +48,7 @@ static char *url_decode_internal(const char **query, int len, if (c == '%' && (len < 0 || len >= 3)) { int val = hex2chr(q + 1); - if (0 <= val) { + if (0 < val) { strbuf_addch(out, val); q += 3; len -= 3; |