Search strings were being urldecoded against the specs (bugreport from Kacper Gutowski)

2024-06-16 06:25:23 +00:00 · 2014-01-25 11:45:30 +02:00 · 2014-01-25 11:45:30 +02:00 · 50a8d5e798
commit 50a8d5e798
parent ae960ab8ce
1 changed files with 5 additions and 2 deletions
--- a/gophernicus.c
+++ b/gophernicus.c
@ -547,12 +547,12 @@ int main(int argc, char *argv[])
 #endif
 		platform(&st);

-	/* Read selector, remove CRLF & encodings */
+	/* Read selector */
 	if (fgets(selector, sizeof(selector) - 1, stdin) == NULL)
 		selector[0] = '\0';

+	/* Remove trailing CRLF */
 	chomp(selector);
-	strndecode(selector, selector, sizeof(selector));

 	if (st.debug) syslog(LOG_INFO, "client sent us \"%s\"", selector);

@ -626,6 +626,9 @@ int main(int argc, char *argv[])
 	}
 	*dest = '\0';

+	/* Remove encodings from selector */
+	strndecode(st.req_selector, st.req_selector, sizeof(st.req_selector));
+
 	/* Deny requests for Slashdot and /../ hackers */
 	if (strstr(st.req_selector, "/."))
 		die(&st, ERR_ACCESS, "Refusing to serve out dotfiles");