diff --git a/lib/parsers.c b/lib/parsers.c index bc69d2e8..2f0f4058 100644 --- a/lib/parsers.c +++ b/lib/parsers.c @@ -324,7 +324,7 @@ int lws_parse(struct lws *wsi, unsigned char c) switch (wsi->u.hdr.ups) { case URIPS_IDLE: /* genuine delimiter */ - if (c == '&' && !enc) { + if ((c == '&' || c == ';') && !enc) { issue_char(wsi, c); /* swallow the terminator */ ah->frags[ah->nfrag].len--; diff --git a/test-server/attack.sh b/test-server/attack.sh index dab8be77..5db93da9 100755 --- a/test-server/attack.sh +++ b/test-server/attack.sh @@ -83,6 +83,14 @@ check 2 "Root_Channels_1_Channel_name_http_post=?" check 3 "Root_Channels_1_Channel_location_http_post=?" check +echo +echo "---- ? processing (/cgi-bin/settings.js?key1=value1)" +rm -f /tmp/lwscap +echo -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap +check 1 "key1=value1" +check + + echo echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)" rm -f /tmp/lwscap