From: Amos Jeffries Date: Wed, 11 Dec 2013 11:12:43 +0000 (-0800) Subject: Regression in URL helper API X-Git-Tag: SQUID_3_5_0_1~464 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acf2ce75b049b0607a6ea4a8def6471af2bc81f1;p=thirdparty%2Fsquid.git Regression in URL helper API The backward compatibility logics in redirect.cc are not working as intended on redirection URLs due to the presence of '=' in the URL and how the key=value name parsing is performed. A typical redirection URL looks like: http://example.com/?url=http://www.example.net/ and 3.4 has a parser that splits tokens at '=' unconditionally and then passes the bits as a key and value to the redirector logics which complains that it does not understand the answer of the URL redirector. Or treats is an an unknown key=value with no redirection URL. Either case is handled as a no-redirection result from the helper. This limits the key names to alphanumeric, hyphen and underscore characters. Valid URL responses contain characters outside this set and should no longer be interpreted as keys regardless of the '=' character. --- diff --git a/src/HelperReply.cc b/src/HelperReply.cc index 80857e5394..13dade26f8 100644 --- a/src/HelperReply.cc +++ b/src/HelperReply.cc @@ -127,13 +127,33 @@ HelperReply::parse(char *buf, size_t len) } } +/// restrict key names to alphanumeric, hyphen, underscore characters +static bool +isKeyNameChar(char c) +{ + if (c >= 'a' && c <= 'z') + return true; + + if (c >= 'A' && c <= 'Z') + return true; + + if (c >= '0' && c <= '9') + return true; + + if (c == '-' || c == '_') + return true; + + // prevent other characters matching the key=value + return false; +} + void HelperReply::parseResponseKeys() { // parse a "key=value" pair off the 'other()' buffer. while (other().hasContent()) { char *p = modifiableOther().content(); - while (*p && *p != '=' && *p != ' ') ++p; + while (*p && isKeyNameChar(*p)) ++p; if (*p != '=') return; // done. Not a key.