commit 00781742c5578afa15d0b2dbc86adf47870fb94f from: Omar Polo date: Fri Dec 25 23:37:43 2020 UTC reject %00 commit - df6ca41da36c3f617cbbf3302ab120721ebfcfd2 commit + 00781742c5578afa15d0b2dbc86adf47870fb94f blob - 1c9b75f2c471e4d3b9e67dba136bfb081e1a8d7e blob + 16a1b3919227497d33a592eabc9e009fafc75a32 --- README.md +++ README.md @@ -220,3 +220,6 @@ since it's relative to the document root. * a %2F sequence in the path part is indistinguishable from a literal slash: this is not RFC3986-compliant. +* a %00 sequence either in the path or in the query part is treated as + invalid character and thus rejected. + blob - edf67d5281ed871d651552902d513166ee9d2d2c blob + 5c9aeb6613600df71d049f8f1cd51af53d7c976f --- gmid.1 +++ gmid.1 @@ -192,4 +192,7 @@ completely ignored. .It a %2F sequence in the path part is indistinguishable from a literal slash: this is not RFC3986-compliant. +.It +a %00 sequence either in the path or in the query part is treated as +invalid character and thus rejected. .El blob - 3f81b762a5c8152496864bf438e9f8c16be84c63 blob + 26e81328b43a4307db1ac7abdf026ed136ac1775 --- uri.c +++ uri.c @@ -172,6 +172,10 @@ parse_pct_encoded(struct parser *p) sscanf(p->uri+1, "%2hhx", p->uri); memmove(p->uri+1, p->uri+3, strlen(p->uri+3)+1); + if (*p->uri == '\0') { + p->err = "illegal percent-encoding"; + return 0; + } return 1; } @@ -252,6 +256,9 @@ parse_authority(struct parser *p) || parse_pct_encoded(p)) p->uri++; + if (p->err != NULL) + return 0; + if (*p->uri == ':') { *p->uri = '\0'; p->uri++; @@ -356,6 +363,9 @@ parse_query(struct parser *p) || valid_multibyte_utf8(p)) p->uri++; + if (p->err != NULL) + return 0; + if (*p->uri != '\0' && *p->uri != '#') { p->err = "illegal character in query"; return 0; @@ -397,6 +407,9 @@ parse_path(struct parser *p) || valid_multibyte_utf8(p)) p->uri++; + if (p->err != NULL) + return 0; + if (*p->uri != '\0' && *p->uri != '?' && *p->uri != '#') { p->err = "illegal character in path"; return 0;