Consider %00 an invalid character in a URL.
Thanks to [email protected] for the security report.
---
This is 7 in the list evilrabbit sent.
Also thanks for the comment, Alex, but, for me at least, I think the
comment makes that last check clearer. Otherwise I have to stop and
think for a second what it's doing. I'm old and slower though! :-)
url.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/url.c b/url.c
index 19a52443..fddbc6f2 100644
--- a/url.c
+++ b/url.c
@@ -60,7 +60,9 @@ static int url_pct_decode (char *s)
if (s[1] && s[2] &&
isxdigit ((unsigned char) s[1]) &&
isxdigit ((unsigned char) s[2]) &&
- hexval (s[1]) >= 0 && hexval (s[2]) >= 0)
+ hexval(s[1]) >= 0 && hexval(s[2]) >= 0 &&
+ // check for embedded nul
+ (hexval(s[1]) > 0 || hexval(s[2]) > 0))
{
*d++ = (hexval (s[1]) << 4) | (hexval (s[2]));
s += 2;
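Review bot: The two added condition lines call `hexval(s[1])` and `hexval(s[2])` without a space before the parenthesis, while the unchanged lines of the same condition and the assignment below use `isxdigit (...)` and `hexval (s[1])`; matching the existing spacing would also avoid rewriting the `>= 0` line, so the diff would show only the new check. The nul test could mirror the value that is actually stored, for example `((hexval (s[1]) << 4) | hexval (s[2])) != 0`, which makes the relation to the `*d++` assignment obvious and may make the inline comment unnecessary. The hunk does not show the branch taken when the condition fails, so please confirm that a rejected `%00` causes url_pct_decode to report an error, as the commit message intends, and does not leave the literal sequence in the output.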
--
2.53.0