From 486d672e998372a1eed6ef4fb9f4f32f162af9fd Mon Sep 17 00:00:00 2001 From: hniksic Date: Thu, 5 May 2005 07:05:00 -0700 Subject: [PATCH] [svn] Don't unescape %00. --- src/ChangeLog | 5 +++++ src/url.c | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 25e41d94..1c444eb3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2005-05-05 Hrvoje Niksic + + * url.c (url_unescape): Don't unescape %00, it effectively + truncates the string. + 2005-05-05 Hrvoje Niksic * log.c (copy_and_escape): Replace the FOR_URI argument with a diff --git a/src/url.c b/src/url.c index e89704d7..f77d8ad9 100644 --- a/src/url.c +++ b/src/url.c @@ -175,10 +175,16 @@ url_unescape (char *s) } else { + char c; /* Do nothing if '%' is not followed by two hex digits. */ if (!h[1] || !h[2] || !(ISXDIGIT (h[1]) && ISXDIGIT (h[2]))) goto copychar; - *t = X2DIGITS_TO_NUM (h[1], h[2]); + c = X2DIGITS_TO_NUM (h[1], h[2]); + /* Don't unescape %00 because there is no way to insert it + into a C string without effectively truncating it. */ + if (c == '\0') + goto copychar; + *t = c; h += 2; } }