You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1997/05/07 06:11:09 UTC

[PATCH] SEGV in unescape_url()

This should probably not SEGV if passed a NULL argument. The change 
is just a one liner. The rest is just formating changes.


Index: util.c
===================================================================
RCS file: /export/home/cvs/apache/src/util.c,v
retrieving revision 1.52
diff -c -r1.52 util.c
*** util.c	1997/04/12 04:24:59	1.52
--- util.c	1997/05/07 04:10:39
***************
*** 755,775 ****
   *                      returns NOT_FOUND
   */
  int
! unescape_url(char *url) {
!     register int x,y, badesc, badpath;
  
      badesc = 0;
      badpath = 0;
!     for(x=0,y=0;url[y];++x,++y) {
! 	if (url[y] != '%') url[x] = url[y];
! 	else
! 	{
! 	    if (!isxdigit(url[y+1]) || !isxdigit(url[y+2]))
! 	    {
  		badesc = 1;
  		url[x] = '%';
! 	    } else
! 	    {
  		url[x] = x2c(&url[y+1]);
  		y += 2;
  		if (url[x] == '/' || url[x] == '\0') badpath = 1;
--- 755,779 ----
   *                      returns NOT_FOUND
   */
  int
! unescape_url(char *url)
! {
!     register int x, y, badesc, badpath;
  
+     if (!url) return OK;
+     
      badesc = 0;
      badpath = 0;
! 
!     for(x=0,y=0; url[y]; ++x,++y) {
! 	if (url[y] != '%') {
! 	    url[x] = url[y];
! 	}
! 	else {
! 	    if (!isxdigit(url[y+1]) || !isxdigit(url[y+2])) {
  		badesc = 1;
  		url[x] = '%';
! 	    }
! 	    else {
  		url[x] = x2c(&url[y+1]);
  		y += 2;
  		if (url[x] == '/' || url[x] == '\0') badpath = 1;