diff options
| author | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2015-02-27 17:38:20 +0000 |
|---|---|---|
| committer | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2015-02-27 17:38:20 +0000 |
| commit | c8259d33e046867d9f3d1688b677309020717570 (patch) | |
| tree | dd6b77cf63524c3892c86e7886d075bc79160e1f /usr.bin | |
| parent | 90717e69a76d8ffe09634f5062b5a7d35a15c4af (diff) | |
Fix URL-encoding of characters with the high order bit set.
Before/after:
127.0.0.1 - - [25/Feb/2015:09:39:24 +0100] "GET /h%ff%ffh%ff%ff.dat HTTP/1.0" 404 162 "-" "OpenBSD ftp"
127.0.0.1 - - [25/Feb/2015:09:39:27 +0100] "GET /h%c3%a9h%c3%a9.dat HTTP/1.0" 200 0 "-" "OpenBSD ftp"
Additionnally, avoid one case of undefined behaviour with ctype.h.
Input from guenther@, ok millert@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ftp/fetch.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index 6cb9094e2a7..9e2fbd27b07 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.137 2015/01/16 06:40:08 deraadt Exp $ */ +/* $OpenBSD: fetch.c,v 1.138 2015/02/27 17:38:19 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -104,9 +104,10 @@ static int redirect_loop; * - Unsafe characters. */ static int -unsafe_char(const char *c) +unsafe_char(const char *c0) { const char *unsafe_chars = " <>\"#{}|\\^~[]`"; + const unsigned char *c = (const unsigned char *)c0; /* * No corresponding graphic US-ASCII. @@ -154,7 +155,8 @@ url_encode(const char *path) */ for (i = 0; i < length; i++) if (unsafe_char(path + i)) { - snprintf(epathp, 4, "%%" "%02x", path[i]); + snprintf(epathp, 4, "%%" "%02x", + (unsigned char)path[i]); epathp += 3; } else *(epathp++) = path[i]; |