From 31e6be23a3 Mon Sep 17 00:00:00 2001

Subject: [PATCH] uri parsing: fix percent interaction with dotdot

https://github.com/warmcat/libwebsockets/issues/481#issuecomment-205863482

- fix inconsistent percent-encoding parsing where dots would sometimes
  interact wrongly when non-hex chars follow

/foo/.%xyz now stays as-is instead of swapping . and %

Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>

lib/parsers.c

@@ -556,6 +556,9 @@ lws_parse(struct lws *wsi, unsigned char c)
 		/* special URI processing... convert %xx */
 
 		switch (wsi->u.hdr.ues) {
+		case URIES_VERBATIM:
+			/* do nothing */
+			break;
 		case URIES_IDLE:
 			if (c == '%') {
 				wsi->u.hdr.ues = URIES_SEEN_PERCENT;
@@ -565,7 +568,8 @@ lws_parse(struct lws *wsi, unsigned char c)
 		case URIES_SEEN_PERCENT:
 			if (char_to_hex(c) < 0) {
 				/* regurgitate */
-				if (issue_char(wsi, '%') < 0)
+				wsi->u.hdr.ues = URIES_VERBATIM;
+				if (lws_parse(wsi, '%') < 0)
 					return -1;
 				wsi->u.hdr.ues = URIES_IDLE;
 				/* continue on to assess c */
@@ -578,7 +582,8 @@ lws_parse(struct lws *wsi, unsigned char c)
 		case URIES_SEEN_PERCENT_H1:
 			if (char_to_hex(c) < 0) {
 				/* regurgitate */
-				if (issue_char(wsi, '%') < 0)
+				wsi->u.hdr.ues = URIES_VERBATIM;
+				if (lws_parse(wsi, '%') < 0)
 					return -1;
 				wsi->u.hdr.ues = URIES_IDLE;
 				/* regurgitate + assess */

lib/private-libwebsockets.h

@@ -776,6 +776,7 @@ enum uri_esc_states {
 	URIES_IDLE,
 	URIES_SEEN_PERCENT,
 	URIES_SEEN_PERCENT_H1,
+	URIES_VERBATIM,
 };
 
 /* notice that these union members: