[BusyBox 0001022]: httpd -d returns incorrect result if URL contains %2f ('/')
bugs at busybox.net
bugs at busybox.net
Tue Sep 12 06:38:52 UTC 2006
A NOTE has been added to this issue.
======================================================================
http://busybox.net/bugs/view.php?id=1022
======================================================================
Reported By: Zombie
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 1022
Category: Networking Support
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 09-06-2006 04:24 PDT
Last Modified: 09-11-2006 23:38 PDT
======================================================================
Summary: httpd -d returns incorrect result if URL contains
%2f ('/')
Description:
Bug was introduced in revision 12978
(http://www.busybox.net/cgi-bin/viewcvs.cgi?rev=12978&view=rev).
+ if(value1 == '/' || value1 == 0)
+ return orig+1;
This returns one more than the string pointer provided as an argument.
While this is used, presumably for a good reason, in the web server, this
results in incorrect decoding when using "httpd -d" to URL-decode a
string, i.e. the first character is dropped and translation is suspended.
Can be reproduced like this:
httpd -d 'http://foo.bar.net/cgi-bin/fubar?fubar=foo%2fbar%2cfu'
Returns:
ttp://foo.bar.net/cgi-bin/fubar?fubar=foo%2fbar%2cfu
Should return:
http://foo.bar.net/cgi-bin/fubar?fubar=foo/bar,fu
======================================================================
----------------------------------------------------------------------
VEvgeniy - 09-11-06 23:38
----------------------------------------------------------------------
You have delete "value1 == '/' ||" string in httpd.c function
decodeString.
I have fine result!
Issue History
Date Modified Username Field Change
======================================================================
09-06-06 04:24 Zombie New Issue
09-06-06 04:24 Zombie Status new => assigned
09-06-06 04:24 Zombie Assigned To => BusyBox
09-11-06 23:38 VEvgeniy Note Added: 0001634
======================================================================
More information about the busybox-cvs
mailing list