On Tue, 2022-08-16 at 21:32 +0200, Hiltjo Posthuma wrote:
> Haven't tested the patch and not sure it is correct, but if so then
> isxdigit needs a cast using (unsigned char).

Thanks, I don't have a lot of practical C experience. Or experience
with submitting code through email, I seem to have mangled the last
patch. (Should've used git send-email.)

I'll make it an attachment this time, I hope that works.
From 54910d33ba7d1420e39662d0643eea156eac1187 Mon Sep 17 00:00:00 2001
From: HushBugger <hushbug...@posteo.net>
Date: Tue, 16 Aug 2022 22:37:50 +0200
Subject: [PATCH] Fix buffer over-read in decode()

The format specifier for parsing percent-formatted characters uses a
maximum number of digits, not an exact number of digits.

If the hex number has only one digit this will skip a character,
potentially pointing past the terminating null byte.
---
 http.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/http.c b/http.c
index 5b9dade..bd58c4f 100644
--- a/http.c
+++ b/http.c
@@ -136,7 +136,9 @@ decode(const char src[PATH_MAX], char dest[PATH_MAX])
 	const char *s;
 
 	for (s = src, i = 0; *s; s++, i++) {
-		if (*s == '%' && (sscanf(s + 1, "%2hhx", &n) == 1)) {
+		if (*s == '%' && isxdigit((unsigned char)s[1]) &&
+		    isxdigit((unsigned char)s[2])) {
+			sscanf(s + 1, "%2hhx", &n);
 			dest[i] = n;
 			s += 2;
 		} else {
-- 
2.30.2

Reply via email to