Fixed URL decoding with invalid encoding. See #439.

2025-08-15 23:55:03 +03:00 · 2007-12-20 23:01:38 +00:00 · 2007-12-20 23:01:38 +00:00 · 9551218d23
commit 9551218d23
parent a210e73257
1 changed files with 18 additions and 44 deletions
--- a/apache2/msc_util.c
+++ b/apache2/msc_util.c
@ -733,20 +733,16 @@ int urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_len)
                        count++;
                        i += 6;
                    } else {
-                        /* Invalid data. */
+                        /* Invalid data, skip %u. */
-                        int j;
+                        *d++ = input[i++];
-
+                        *d++ = input[i++];
-                        for(j = 0; (j < 6)&&(i < input_len); j++) {
+                        count += 2;
                            *d++ = input[i++];
                            count++;
                        }
                    }
                } else {
-                    /* Not enough bytes available (4 data bytes were needed). */
+                    /* Not enough bytes (4 data bytes), skip %u. */
-                    while(i < input_len) {
+                    *d++ = input[i++];
-                        *d++ = input[i++];
+                    *d++ = input[i++];
-                        count++;
+                    count += 2;
                    }
                }
            }
            else {
@ -766,25 +762,14 @@ int urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_len)
                        count++;
                        i += 3;
                    } else {
-                        /* Not a valid encoding, copy the raw input bytes. */
+                        /* Not a valid encoding, skip this % */
-                        *d++ = '%';
+                        *d++ = input[i++];
-                        *d++ = c1;
+                        count++;
                        *d++ = c2;
                        count += 3;
                        i += 3;
                    }
                } else {
-                    /* Not enough bytes available. */
+                    /* Not enough bytes available, skip this % */
-                
+                    *d++ = input[i++];
                    *d++ = '%';
                    count++;
                    i++;
                    if (i + 1 < input_len) {
                        *d++ = input[i];
                        count++;
                        i++;
                    }
                }
            }
        }
@ -832,27 +817,16 @@ int urldecode_nonstrict_inplace_ex(unsigned char *input, long int input_len, int
                    count++;
                    i += 3;
                } else {
-                    /* Invalid encoding, just copy the raw bytes. */
+                    /* Not a valid encoding, skip this % */
-                    *d++ = '%';
+                    *d++ = input[i++];
-                    *d++ = c1;
+                    count ++;
                    *d++ = c2;
                    count += 3;
                    i += 3;
                    (*invalid_count)++; /* parens quiet compiler warning */
                }
            } else {
                /* Not enough bytes available, copy the raw bytes. */
                *d++ = input[i++];
                count ++;
                (*invalid_count)++; /* parens quiet compiler warning */
                *d++ = '%';
                count++;
                i++;
                if (i + 1 < input_len) {
                    *d++ = input[i];
                    count++;
                    i++;
                }
            }
        } else {
            /* Character is not a percent sign. */