commit - df6ca41da36c3f617cbbf3302ab120721ebfcfd2
commit + 00781742c5578afa15d0b2dbc86adf47870fb94f
blob - 1c9b75f2c471e4d3b9e67dba136bfb081e1a8d7e
blob + 16a1b3919227497d33a592eabc9e009fafc75a32
--- README.md
+++ README.md
* a %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC3986-compliant.
+* a %00 sequence either in the path or in the query part is treated as
+ invalid character and thus rejected.
+
blob - edf67d5281ed871d651552902d513166ee9d2d2c
blob + 5c9aeb6613600df71d049f8f1cd51af53d7c976f
--- gmid.1
+++ gmid.1
.It
a %2F sequence in the path part is indistinguishable from a literal
slash: this is not RFC3986-compliant.
+.It
+a %00 sequence either in the path or in the query part is treated as
+invalid character and thus rejected.
.El
blob - 3f81b762a5c8152496864bf438e9f8c16be84c63
blob + 26e81328b43a4307db1ac7abdf026ed136ac1775
--- uri.c
+++ uri.c
sscanf(p->uri+1, "%2hhx", p->uri);
memmove(p->uri+1, p->uri+3, strlen(p->uri+3)+1);
+ if (*p->uri == '\0') {
+ p->err = "illegal percent-encoding";
+ return 0;
+ }
return 1;
}
|| parse_pct_encoded(p))
p->uri++;
+ if (p->err != NULL)
+ return 0;
+
if (*p->uri == ':') {
*p->uri = '\0';
p->uri++;
|| valid_multibyte_utf8(p))
p->uri++;
+ if (p->err != NULL)
+ return 0;
+
if (*p->uri != '\0' && *p->uri != '#') {
p->err = "illegal character in query";
return 0;
|| valid_multibyte_utf8(p))
p->uri++;
+ if (p->err != NULL)
+ return 0;
+
if (*p->uri != '\0' && *p->uri != '?' && *p->uri != '#') {
p->err = "illegal character in path";
return 0;