diff --git a/lib/parsers.c b/lib/parsers.c
index 98e2c080..65d045de 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -216,7 +216,7 @@ int lws_parse(struct lws_context *context, struct lws *wsi, unsigned char c)
 WSI_TOKEN_PATCH_URI,
 WSI_TOKEN_DELETE_URI,
 };
- unsigned int n, m;
+ unsigned int n, m, enc = 0;
 switch (wsi->u.hdr.parser_state) {
 default:
@@ -286,6 +286,7 @@ int lws_parse(struct lws_context *context, struct lws *wsi, unsigned char c)
 }
 c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) | char_to_hex(c);
+ enc = 1;
 wsi->u.hdr.ues = URIES_IDLE;
 break;
 }
@@ -360,7 +361,7 @@ int lws_parse(struct lws_context *context, struct lws *wsi, unsigned char c)
 break;
 }
- if (c == '?') { /* start of URI arguments */
+ if (c == '?' && !enc) { /* start of URI arguments */
 /* seal off uri header */
 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
diff --git a/test-server/attack.sh b/test-server/attack.sh
index 3413b44e..d9defec2 100755
--- a/test-server/attack.sh
+++ b/test-server/attack.sh
@@ -56,6 +56,14 @@ while [ -z "`grep Listening $LOG`" ] ; do
 done
 check
+echo
+echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
+rm -f /tmp/lwscap
+echo -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
+check args "UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=?&Root_Channels_1_Channel_location_http_post=?"
+
+
+
 echo
 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)"
 rm -f /tmp/lwscap
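Review bot: The new `enc` local in the declaration at line 216 of lib/parsers.c has no comment, and its correctness rests on something a reader cannot see from the name. lws_parse takes a single byte `c`, and `enc` is reset to 0 on every call. The flag is therefore only meaningful if the `%xx` decode at line 286 and the `?` test at line 361 run in the same invocation, which appears to be the case, though the code between the hunks is not shown. I would document that at the declaration, for example `/* enc: nonzero when c was produced by %xx decoding in this call, so it is data and must not be treated as a URI delimiter */`. A `bool`-style name such as `c_was_escaped` would also read more clearly than `enc`.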
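Review bot: In the `c == '?' && !enc` condition at line 361, a second literal `?` arriving after the argument part has begun would, as far as this hunk shows, still take the branch and write another terminator into `ah->data`. If the parser tracks that the arguments have already started, that state belongs in the condition as well. The check may exist further down, since lws_parse's body continues outside the hunk. The store `wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0'` has no bound check visible here, so confirm that `pos` is compared against the buffer size before this point. A short comment on the condition would record the intent, for example `/* only a literal '?' starts the arguments; a decoded %3F is payload */`.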
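Review bot: The added case in test-server/attack.sh only sends `%3F` after a literal `?` has already opened the query string, so it does not cover an encoded `?` in the path part of the URI. That path is also affected by the `!enc` change in lib/parsers.c. A second request of the same shape, with `%3F` placed before the first literal `?` and the expected result passed to `check`, would pin down that behaviour too. The three empty `+` lines that close the block could be reduced to one, to match the spacing between the other cases.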