Regression in URL helper API

The backward compatibility logics in redirect.cc are not working as
intended on redirection URLs due to the presence of '=' in the URL and
how the key=value name parsing is performed.

A typical redirection URL looks like:
  http://example.com/?url=http://www.example.net/

and 3.4 has a parser that splits tokens at '=' unconditionally and then
passes the bits as a key and value to the redirector logics which
complains that it does not understand the answer of the URL redirector.
Or treats is an an unknown key=value with no redirection URL.

Either case is handled as a no-redirection result from the helper.

This limits the key names to alphanumeric, hyphen and underscore
characters. Valid URL responses contain characters outside this set and
should no longer be interpreted as keys regardless of the '=' character.

diff --git a/src/HelperReply.cc b/src/HelperReply.cc
index 433a9e0b69664208a601c1d1d93d5d96799db215..8442900e2e6f55fe71f7d41357d6a7651fa78dff 100644 (file)
--- a/src/HelperReply.cc
+++ b/src/HelperReply.cc
@@ -127,13 +127,33 @@ HelperReply::parse(char *buf, size_t len)
     }
 }
 
+/// restrict key names to alphanumeric, hyphen, underscore characters
+static bool
+isKeyNameChar(char c)
+{
+    if (c >= 'a' && c <= 'z')
+        return true;
+
+    if (c >= 'A' && c <= 'Z')
+        return true;
+
+    if (c >= '0' && c <= '9')
+        return true;
+
+    if (c == '-' || c == '_')
+        return true;
+
+    // prevent other characters matching the key=value
+    return false;
+}
+
 void
 HelperReply::parseResponseKeys()
 {
     // parse a "key=value" pair off the 'other()' buffer.
     while (other().hasContent()) {
         char *p = modifiableOther().content();
-        while (*p && *p != '=' && *p != ' ') ++p;
+        while (*p && isKeyNameChar(*p)) ++p;
         if (*p != '=')
             return; // done. Not a key.