There is no reason to allow %00 to terminate a string, so do not allow it.
Otherwise, we end up returning arbitrary content in the string (that which is
after the %00) which is effectively hidden from callers and can escape sanity
checks and validation, and possible be used in tandem with a security
vulnerability to introduce a payload.
Helped-by: brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Matthew DeVore <matvore@xxxxxxxxxx>
---
url.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/url.c b/url.c
index 9ea9d5611b..1b8ef78cea 100644
--- a/url.c
+++ b/url.c
@@ -41,21 +41,21 @@ static char *url_decode_internal(const char **query, int len,
if (!c)
break;
if (stop_at && strchr(stop_at, c)) {
q++;
len--;
break;
}
if (c == '%' && (len < 0 || len >= 3)) {
int val = hex2chr(q + 1);
- if (0 <= val) {
+ if (0 < val) {
strbuf_addch(out, val);
q += 3;
len -= 3;
continue;
}
}
if (decode_plus && c == '+')
strbuf_addch(out, ' ');
else
--
2.21.0
