From 6edfa1aff15ddde33c229307ad8471e7a06066d8 Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sat, 14 Dec 2013 22:33:33 -0700
Subject: [PATCH] Regression in URL helper API

The backward compatibility logics in redirect.cc are not working as intended on redirection URLs due to the presence of '=' in the URL and how the key=value name parsing is performed. A typical redirection URL looks like: http://example.com/?url=http://www.example.net/ and 3.4 has a parser that splits tokens at '=' unconditionally and then passes the bits as a key and value to the redirector logics which complains that it does not understand the answer of the URL redirector. Or treats is an an unknown key=value with no redirection URL. Either case is handled as a no-redirection result from the helper. This limits the key names to alphanumeric, hyphen and underscore characters. Valid URL responses contain characters outside this set and should no longer be interpreted as keys regardless of the '=' character.
---
 src/HelperReply.cc | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/HelperReply.cc b/src/HelperReply.cc
index 433a9e0b69..8442900e2e 100644
--- a/src/HelperReply.cc
+++ b/src/HelperReply.cc
@@ -127,13 +127,33 @@ HelperReply::parse(char *buf, size_t len)
 }
 }
 
+/// restrict key names to alphanumeric, hyphen, underscore characters
+static bool
+isKeyNameChar(char c)
+{
+ if (c >= 'a' && c <= 'z')
+ return true;
+
+ if (c >= 'A' && c <= 'Z')
+ return true;
+
+ if (c >= '0' && c <= '9')
+ return true;
+
+ if (c == '-' || c == '_')
+ return true;
+
+ // prevent other characters matching the key=value
+ return false;
+}
+
 void
 HelperReply::parseResponseKeys()
 {
 // parse a "key=value" pair off the 'other()' buffer.
 while (other().hasContent()) {
 char *p = modifiableOther().content();
- while (*p && *p != '=' && *p != ' ') ++p;
+ while (*p && isKeyNameChar(*p)) ++p;
 if (*p != '=')
 return; // done. Not a key.
 
-- 
2.47.2
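Review bot: In parseResponseKeys() the rewritten scan `while (*p && isKeyNameChar(*p)) ++p;` still accepts a zero-length key: when the helper reply starts with '=', p never advances and the following `if (*p != '=')` test lets it through. The rest of the loop body is outside this hunk, so unless it rejects that case itself an empty name is handed on as a key. Since the change is about tightening what counts as a key in helper output, consider `if (p == modifiableOther().content() || *p != '=')` in front of the `return; // done. Not a key.` line. The `*p &&` test is now redundant because isKeyNameChar() returns false for '\0'. If the explicit ASCII ranges in isKeyNameChar() are intentional, its `///` comment could say that the check is locale-independent by design, so nobody later swaps it for isalnum().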