On Tue, Aug 16, 2022 at 05:42:50PM +0000, HushBugger wrote: > The format specifier for parsing percent-formatted characters uses > a maximum number of digits, not an exact number of digits. > > If the hex number has only one digit this will skip a character, > potentially pointing past the terminating null byte. > --- > http.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/http.c b/http.c > index 5b9dade..fb2dc42 100644 > --- a/http.c > +++ b/http.c > @@ -136,7 +136,8 @@ decode(const char src[PATH_MAX], char dest[PATH_MAX]) > const char *s; > > for (s = src, i = 0; *s; s++, i++) { > - if (*s == '%' && (sscanf(s + 1, "%2hhx", &n) == 1)) { > + if (*s == '%' && isxdigit(s[1]) && isxdigit(s[2])) { > + sscanf(s + 1, "%2hhx", &n); > dest[i] = n; > s += 2; > } else { > -- > 2.36.2 >
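Review bot: both isxdigit() calls in the new condition need an (unsigned char) cast: s[1] and s[2] are plain char, and passing a negative value (any byte >= 0x80 where char is signed) to the ctype functions is undefined behaviour, so the line should read `if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {`. The logic itself is sound: && short-circuits, so s[2] is never read when s[1] is the terminating NUL, and once both digits are verified the now-unchecked sscanf() cannot fail. Two smaller points: the diff does not add `#include <ctype.h>`, so confirm http.c already has it, and a '%' followed by only one hex digit is now copied through verbatim instead of being decoded, which is the correct reading of percent-encoding but is a behaviour change that deserves a sentence in the commit message.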
Haven't tested the patch and not sure it is correct, but if so then isxdigit needs a cast using (unsigned char).

--
Kind regards,
Hiltjo
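The single-digit case the commit message describes, as an added example that is not part of this thread or of the project's http.c: a stand-alone reproduction of the pre-patch sscanf("%2hhx") logic next to a decoder with the isxdigit() guard and the (unsigned char) casts, so the skipped-character behaviour on an input like "%A/b" can be observed without over-reading, while the guarded version leaves a lone hex digit untouched and never steps past the NUL. The PATH_MAX fallback, the function names and the sample inputs are assumptions made for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* assumed fallback for hosts whose <limits.h> lacks it */
#endif

/* Scratch output buffer shared by main() below. */
char decode_buf[PATH_MAX];

/* Value of one hex digit, or -1 if c is not one. The caller passes the
   byte already converted to unsigned char, as the ctype API requires. */
static int hexval(unsigned char c)
{
	if (isdigit(c))
		return c - '0';
	if (isxdigit(c))
		return (tolower(c) - 'a') + 10;
	return -1;
}

/* Pre-patch logic, reproduced for comparison only: sscanf("%2hhx") also
   accepts a SINGLE hex digit, so "%A/b" decodes to "\n" and then skips
   the '/'. Do not feed it an input ending in '%' plus one hex digit:
   there it advances past the terminating NUL, which is the over-read
   the patch fixes. */
size_t decode_prepatch(const char *src, char dest[PATH_MAX])
{
	const char *s;
	size_t i;
	unsigned char n;

	for (s = src, i = 0; *s && i < PATH_MAX - 1; s++, i++) {
		if (*s == '%' && sscanf(s + 1, "%2hhx", &n) == 1) {
			dest[i] = (char)n;
			s += 2;
		} else {
			dest[i] = *s;
		}
	}
	dest[i] = '\0';
	return i;
}

/* Hardened decoder: a '%' becomes a byte only when BOTH following
   characters are hex digits. Because && short-circuits, s[2] is never
   read when s[1] is the terminating NUL, and the casts keep isxdigit()
   defined for bytes >= 0x80. Anything else ("%", "%A", "%zz") is copied
   verbatim, so the scan can never move past the end of src. */
size_t decode_safe(const char *src, char dest[PATH_MAX])
{
	const char *s;
	size_t i;

	for (s = src, i = 0; *s && i < PATH_MAX - 1; s++, i++) {
		if (*s == '%' && isxdigit((unsigned char)s[1])
		    && isxdigit((unsigned char)s[2])) {
			dest[i] = (char)((hexval((unsigned char)s[1]) << 4)
			                 | hexval((unsigned char)s[2]));
			s += 2;
		} else {
			dest[i] = *s;
		}
	}
	dest[i] = '\0';
	return i;
}

int main(void)
{
	/* constructed sample inputs covering the normal and edge cases */
	const char *inputs[] = { "a%20b", "%A/b", "%zz", "%A", "%", "%e9x" };
	size_t k;

	for (k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
		size_t len = decode_safe(inputs[k], decode_buf);
		printf("%-6s -> %zu decoded byte(s)\n", inputs[k], len);
	}
	return 0;
}
```

Run against "%A/b", the pre-patch variant returns two bytes ("\n" followed by "b") because the one-digit parse succeeded and the '/' was skipped; the guarded decoder returns the four input bytes unchanged, and on "%" or "%A" it stops exactly at the NUL.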