From 5d2b4cccaf031b168cb15179d4c64e14eca4cd31 Mon Sep 17 00:00:00 2001 From: Denis Osvald Date: Tue, 5 Apr 2016 18:42:28 +0200 Subject: [PATCH] From 31e6be23a39ed6321908e4e35d43ef160053f616 Mon Sep 17 00:00:00 2001 Subject: [PATCH] uri parsing: fix percent interaction with dotdot https://github.com/warmcat/libwebsockets/issues/481#issuecomment-205863482 - fix inconsistent percent-encoding parsing where dots would sometimes interact wrongly when non-hex chars follow /foo/.%xyz now stays as-is instead of swapping . and % Signed-off-by: Denis Osvald --- lib/parsers.c | 9 +++++++-- lib/private-libwebsockets.h | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/parsers.c b/lib/parsers.c index 91db36bb4..a73d00ba9 100644 --- a/lib/parsers.c +++ b/lib/parsers.c @@ -556,6 +556,9 @@ lws_parse(struct lws *wsi, unsigned char c) /* special URI processing... convert %xx */ switch (wsi->u.hdr.ues) { + case URIES_VERBATIM: + /* do nothing */ + break; case URIES_IDLE: if (c == '%') { wsi->u.hdr.ues = URIES_SEEN_PERCENT; @@ -565,7 +568,8 @@ lws_parse(struct lws *wsi, unsigned char c) case URIES_SEEN_PERCENT: if (char_to_hex(c) < 0) { /* regurgitate */ - if (issue_char(wsi, '%') < 0) + wsi->u.hdr.ues = URIES_VERBATIM; + if (lws_parse(wsi, '%') < 0) return -1; wsi->u.hdr.ues = URIES_IDLE; /* continue on to assess c */ @@ -578,7 +582,8 @@ lws_parse(struct lws *wsi, unsigned char c) case URIES_SEEN_PERCENT_H1: if (char_to_hex(c) < 0) { /* regurgitate */ - if (issue_char(wsi, '%') < 0) + wsi->u.hdr.ues = URIES_VERBATIM; + if (lws_parse(wsi, '%') < 0) return -1; wsi->u.hdr.ues = URIES_IDLE; /* regurgitate + assess */ diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index 627587fe3..8b206ce77 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -776,6 +776,7 @@ enum uri_esc_states { URIES_IDLE, URIES_SEEN_PERCENT, URIES_SEEN_PERCENT_H1, + URIES_VERBATIM, }; /* notice that these union members: