commit ab1f4173e36ffd7e070f378603cfb90869afa404
parent 21cb8fa118e7703ce21f517a7af46fe0fe72722c
Author: Evgeny Grin (Karlson2k) <k2k@drgrin.dev>
Date: Wed, 23 Apr 2025 19:20:22 +0200
Zero-terminate URL parameters after PCT-decoding
Diffstat:
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/mhd2/stream_process_request.c b/src/mhd2/stream_process_request.c
@@ -1175,7 +1175,6 @@ mhd_parse_get_args (size_t args_len,
else if ('=' == args[i])
{
/* Found start of the value */
- args[i] = 0; /* zero-terminate the name */
for (value_start = ++i; i < args_len; ++i) /* Processing parameter value */
{
if ('+' == args[i])
@@ -1188,24 +1187,20 @@ mhd_parse_get_args (size_t args_len,
else if ('&' == args[i])
break; /* End of the name of the parameter without a value */
}
- if (i < args_len) /* Zero-terminate if not terminated */
- args[i] = 0;
- /* assert below does not work correctly when compiler checks for
- the provided buffer size */
- /* mhd_assert (0 == args[i]); */
-
- /* Store found parameter */
+ /* PCT-decode, zero-terminate and store the found parameter */
if (0 != value_start) /* Value cannot start at zero position */
{ /* Name with value */
- mhd_assert (name_start + 2 <= value_start);
+ mhd_assert (name_start + 1 <= value_start);
name_len = value_start - name_start - 1;
value_len =
mhd_str_pct_decode_lenient_n (args + value_start, i - value_start,
args + value_start, i - value_start,
NULL); // TODO: add support for broken encoding detection
+ if (value_start + value_len < args_len)
+ args[value_start + value_len] = 0;
value.cstr = args + value_start;
value.len = value_len;
}
@@ -1219,6 +1214,8 @@ mhd_parse_get_args (size_t args_len,
name_len = mhd_str_pct_decode_lenient_n (args + name_start, name_len,
args + name_start, name_len,
NULL); // TODO: add support for broken encoding detection
+ if (name_start + name_len < args_len)
+ args[name_start + name_len] = 0;
name.cstr = args + name_start;
name.len = name_len;
if (! cb (cls, &name, &value))
