diff --git a/src/ChangeLog b/src/ChangeLog index 25e41d94..1c444eb3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2005-05-05 Hrvoje Niksic + + * url.c (url_unescape): Don't unescape %00, it effectively + truncates the string. + 2005-05-05 Hrvoje Niksic * log.c (copy_and_escape): Replace the FOR_URI argument with a diff --git a/src/url.c b/src/url.c index e89704d7..f77d8ad9 100644 --- a/src/url.c +++ b/src/url.c @@ -175,10 +175,16 @@ url_unescape (char *s) } else { + char c; /* Do nothing if '%' is not followed by two hex digits. */ if (!h[1] || !h[2] || !(ISXDIGIT (h[1]) && ISXDIGIT (h[2]))) goto copychar; - *t = X2DIGITS_TO_NUM (h[1], h[2]); + c = X2DIGITS_TO_NUM (h[1], h[2]); + /* Don't unescape %00 because there is no way to insert it + into a C string without effectively truncating it. */ + if (c == '\0') + goto copychar; + *t = c; h += 2; } }