Fixed: [PATCH 2/3] uhttpd URL-codec enhancements.

My apologies, the 2nd of those patches had a syntax error -- that's what I get for making a last-minute edit, even to the comments, without testing! :-p Here is the corrected patch. -- David From d259cff104d2084455476b82e92a3a27524f4263 Mon Sep 17 00:00:00 2001 From: David Favro <openwrt@meta-dynamic.com> Date: Fri, 27 Apr 2012 14:17:52 -0400 Subject: [PATCH] uhttpd URL-codec enhancements. * uh_urlencode() and uh_urldecode() now return an error condition for buffer-overflow and malformed-encoding rather than normal return with corrupt or truncated data. As HTTP request processing is currently implemented, this causes a 404 HTTP status returned to the client, while 400 is more appropriate. * Exposed urlencode() to Lua. * Lua's uhttpd.urlencode() and .urldecode() now raise an error condition for buffer-overflow and malformed-encoding rather than normal return with incorrect data. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@31570 3c298f89-4303-0410-b956-a3cf2f4a3e73
2025-04-21 12:27:27 +03:00 · 2012-05-03 17:19:18 +00:00
parent f6dc56506d
commit 8329c6da4f
3 changed files with 52 additions and 21 deletions
--- a/package/uhttpd/src/uhttpd.c
+++ b/package/uhttpd/src/uhttpd.c
@@ -948,9 +948,10 @@ int main (int argc, char **argv)
 					for (opt = 0; optarg[opt]; opt++)
 						if (optarg[opt] == '+')
 							optarg[opt] = ' ';
-
-					memset(port, 0, strlen(optarg)+1);
-					uh_urldecode(port, strlen(optarg), optarg, strlen(optarg));
+					/* opt now contains strlen(optarg) -- no need to re-scan */
+					memset(port, 0, opt+1);
+					if (uh_urldecode(port, opt, optarg, opt) < 0)
+					    fprintf( stderr, "uhttpd: invalid encoding\n" );

 					printf("%s", port);
 					free(port);