Regression in URL helper API

The backward compatibility logics in redirect.cc are not working as
intended on redirection URLs due to the presence of '=' in the URL and
how the key=value name parsing is performed.

A typical redirection URL looks like:
  http://example.com/?url=http://www.example.net/

and 3.4 has a parser that splits tokens at '=' unconditionally and then
passes the bits as a key and value to the redirector logics which
complains that it does not understand the answer of the URL redirector.
Or treats is an an unknown key=value with no redirection URL.

Either case is handled as a no-redirection result from the helper.

This limits the key names to alphanumeric, hyphen and underscore
characters. Valid URL responses contain characters outside this set and
should no longer be interpreted as keys regardless of the '=' character.

diff --git a/src/HelperReply.cc b/src/HelperReply.cc
index 80857e539424258ddf44dd45c97d619e1aa5d39a..13dade26f868f8b666d6e08208ce5dddb1a86ab2 100644 (file)
--- a/src/HelperReply.cc
+++ b/src/HelperReply.cc
@@ -127,13 +127,33 @@ HelperReply::parse(char *buf, size_t len)
     }
 }
 
+/// restrict key names to alphanumeric, hyphen, underscore characters
+static bool
+isKeyNameChar(char c)
+{
+    if (c >= 'a' && c <= 'z')
+        return true;
+
+    if (c >= 'A' && c <= 'Z')
+        return true;
+
+    if (c >= '0' && c <= '9')
+        return true;
+
+    if (c == '-' || c == '_')
+        return true;
+
+    // prevent other characters matching the key=value
+    return false;
+}
+
 void
 HelperReply::parseResponseKeys()
 {
     // parse a "key=value" pair off the 'other()' buffer.
     while (other().hasContent()) {
         char *p = modifiableOther().content();
-        while (*p && *p != '=' && *p != ' ') ++p;
+        while (*p && isKeyNameChar(*p)) ++p;
         if (*p != '=')
             return; // done. Not a key.