Package: tcptrace
Version: 6.6.7-3
Severity: normal

Percent-encoding encodes the ascii code as % followed by two hexadecimal digits. The unparsing in mod_http unencodes by calling atoi() -- i.e. treating the digits as being in base 10. Hilarity ensues. Patch attached to this report.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.37+ (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages tcptrace depends on:
ii  libc6       2.11.2-10  Embedded GNU C Library: Shared lib
ii  libpcap0.8  1.1.1-2    system interface for user-level pa

Versions of packages tcptrace recommends:
ii  tcpdump          4.1.1-2csr1  command-line network traffic analy
ii  xplot-xplot.org  0.90.7.1-2   fast tool to graph and visualize l

tcptrace suggests no packages.

-- no debconf information
>From f7d29e8db92e7c7bfe95c4b60a27b63c8ee8d812 Mon Sep 17 00:00:00 2001 From: Christophe Rhodes <cs...@cantab.net> Date: Wed, 27 Apr 2011 09:00:30 +0100 Subject: [PATCH] unparse %-encoded URLs less wrongly --- mod_http.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mod_http.c b/mod_http.c index c9c9a2b..5d79688 100644 --- a/mod_http.c +++ b/mod_http.c @@ -920,7 +920,7 @@ static char * formatGetString(char * s) ascii[0] = s[i+1]; ascii[1] = s[i+2]; ascii[2] = 0; - buf[j++] = atoi(ascii); + buf[j++] = strtol(ascii, NULL, 16); i = i+3; } else { buf[j++] = s[i]; -- 1.7.2.5
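Review bot: at `buf[j++] = strtol(ascii, NULL, 16);` nothing visible in this hunk checks that s[i+1] and s[i+2] are hex digits before they are copied into ascii. strtol returns 0 when it cannot convert any digits, so an input such as "%zz" would store a NUL byte in buf, and it also accepts a leading sign or whitespace, so "%-1" converts to -1. If the '%' is the last or second-to-last character of s, `i = i+3` also steps past the terminator. Unless the enclosing condition (outside the context shown) already guarantees two hex digits, test both characters with isxdigit() first and copy the '%' through literally otherwise.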