Added tracking of the request URL length.

URL may have binary zeros after url-decoding, the length helps to detect
such situations.

2 files changed, 16 insertions, 3 deletions

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 463fc88e..9068ee08 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2427,6 +2427,7 @@ transmit_error_response_len (struct MHD_Connection *connection,
     connection->version = NULL;
     connection->method = NULL;
     connection->url = NULL;
+    connection->url_len = 0;
     connection->last = NULL;
     connection->colon = NULL;
     connection->headers_received = NULL;
@@ -3366,9 +3367,15 @@ parse_initial_message_line (struct MHD_Connection *connection,
 
   /* unescape URI *after* searching for arguments and log callback */
   if (NULL != uri)
-    daemon->unescape_callback (daemon->unescape_callback_cls,
-                               connection,
-                               uri);
+  {
+    connection->url_len =
+      daemon->unescape_callback (daemon->unescape_callback_cls,
+                                 connection,
+                                 uri);
+  }
+  else
+    connection->url_len = 0;
+
   connection->url = curi;
   return MHD_YES;
 }
@@ -4755,6 +4762,7 @@ connection_reset (struct MHD_Connection *connection,
     c->method = NULL;
     c->http_mthd = MHD_HTTP_MTHD_NO_METHOD;
     c->url = NULL;
+    c->url_len = 0;
     memset (&c->rp_props, 0, sizeof(c->rp_props));
     c->write_buffer = NULL;
     c->write_buffer_size = 0;
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 1fbb6e65..6906e1bb 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -1034,6 +1034,11 @@ struct MHD_Connection
   const char *url;
 
   /**
+   * The length of the @a url in characters, not including the terminating zero.
+   */
+  size_t url_len;
+
+  /**
    * HTTP version string (i.e. http/1.1).  Allocated
    * in pool.
    */