From cac012f46c18dcd7a91dbbb2474acfbbc4283b5e Mon Sep 17 00:00:00 2001
From: Denis Osvald
Date: Tue, 5 Apr 2016 18:42:28 +0200
Subject: [PATCH] uri parsing: fix percent interaction with dotdot
https://github.com/warmcat/libwebsockets/issues/481#issuecomment-205863482
- fix inconsistent percent-encoding parsing where dots would sometimes interact wrongly when non-hex chars follow /foo/.%xyz now stays as-is instead of swapping . and %
Signed-off-by: Denis Osvald
---
 lib/parsers.c | 9 +++++++--
 lib/private-libwebsockets.h | 1 +
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/parsers.c b/lib/parsers.c
index afafaebeb..f572c7900 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -596,6 +596,9 @@ lws_parse(struct lws *wsi, unsigned char c)
 /* special URI processing... convert %xx */
 switch (wsi->u.hdr.ues) {
+ case URIES_VERBATIM:
+ /* do nothing */
+ break;
 case URIES_IDLE:
 if (c == '%') {
 wsi->u.hdr.ues = URIES_SEEN_PERCENT;
@@ -605,7 +608,8 @@ lws_parse(struct lws *wsi, unsigned char c)
 case URIES_SEEN_PERCENT:
 if (char_to_hex(c) < 0) {
 /* regurgitate */
- if (issue_char(wsi, '%') < 0)
+ wsi->u.hdr.ues = URIES_VERBATIM;
+ if (lws_parse(wsi, '%') < 0)
 return -1;
 wsi->u.hdr.ues = URIES_IDLE;
 /* continue on to assess c */
@@ -618,7 +622,8 @@ lws_parse(struct lws *wsi, unsigned char c)
 case URIES_SEEN_PERCENT_H1:
 if (char_to_hex(c) < 0) {
 /* regurgitate */
- if (issue_char(wsi, '%') < 0)
+ wsi->u.hdr.ues = URIES_VERBATIM;
+ if (lws_parse(wsi, '%') < 0)
 return -1;
 wsi->u.hdr.ues = URIES_IDLE;
 /* regurgitate + assess */
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 8774d003a..e0393cbda 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -851,6 +851,7 @@ enum uri_esc_states {
 URIES_IDLE,
 URIES_SEEN_PERCENT,
 URIES_SEEN_PERCENT_H1,
+ URIES_VERBATIM,
 };
 /* notice that these union members:
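Review bot: The new `case URIES_VERBATIM:` arm in the first lib/parsers.c hunk is documented only as `/* do nothing */`, which does not tell a reader why a state that skips %xx handling exists. Judging from the other two hunks it is a transient marker set only around the re-entrant call that replays a literal '%', presumably so that byte still reaches the dot-segment handling further down; I would say so, e.g. `/* transient: set only around the re-entrant lws_parse() that replays a literal '%'; no %xx decoding for that byte */`. A matching one-line comment on `URIES_VERBATIM` in the enum in lib/private-libwebsockets.h would help as well. The switch continues past the end of the hunk, so the remaining arms are not visible here.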
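Review bot: In the `URIES_SEEN_PERCENT` hunk, and identically in the `URIES_SEEN_PERCENT_H1` hunk, `ues` is set to `URIES_VERBATIM` before the recursive `lws_parse(wsi, '%')` but is put back to `URIES_IDLE` only on success, so the `return -1` path leaves the parser with %xx decoding switched off. If every caller drops the connection on -1 this is harmless, but that is not visible in the hunk; capturing the return value, restoring `wsi->u.hdr.ues = URIES_IDLE;` and only then returning -1 removes that dependency. The recursion also re-runs whatever lws_parse does before this switch, which lies outside the hunk, so it is worth confirming that nothing there is accounted twice for the replayed byte. Because percent-decoding and dot-segment handling together decide which path is finally served, a regression test pinning the `/foo/.%xyz` case from the commit message would be a useful companion to this change.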