mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
Fix jsDecode \xHH to verify HH is there and valid hex. See #439.
This commit is contained in:
parent
5da9a05d1c
commit
d2dee97a31
@ -611,7 +611,8 @@ int js_decode_nonstrict_inplace(unsigned char *input, long int input_len) {
|
|||||||
count++;
|
count++;
|
||||||
i += 6;
|
i += 6;
|
||||||
}
|
}
|
||||||
else if ((i + 3 < input_len) && (input[i + 1] == 'x')) {
|
else if ( (i + 3 < input_len) && (input[i + 1] == 'x')
|
||||||
|
&& VALID_HEX(input[i + 2]) && VALID_HEX(input[i + 3])) {
|
||||||
/* \xHH */
|
/* \xHH */
|
||||||
*d++ = x2c(&input[i + 2]);
|
*d++ = x2c(&input[i + 2]);
|
||||||
count++;
|
count++;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user