[BusyBox 0001022]: httpd -d returns incorrect result if URL contains %2f ('/')

bugs at busybox.net bugs at busybox.net
Wed Nov 29 15:59:26 UTC 2006


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=1022 
====================================================================== 
Reported By:                Zombie
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   1022
Category:                   Networking Support
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             09-06-2006 04:24 PDT
Last Modified:              11-29-2006 07:59 PST
====================================================================== 
Summary:                    httpd -d returns incorrect result if URL contains
%2f ('/')
Description: 
Bug was introduced in revision 12978
(http://www.busybox.net/cgi-bin/viewcvs.cgi?rev=12978&view=rev).

+	if(value1 == '/' || value1 == 0)
+		return orig+1;

This returns one more than the string pointer provided as an argument.
While this is used, presumably for a good reason, in the web server, this
results in incorrect decoding when using "httpd -d" to URL-decode a
string, i.e. the first character is dropped and translation is suspended.

Can be reproduced like this:
 httpd -d 'http://foo.bar.net/cgi-bin/fubar?fubar=foo%2fbar%2cfu'
Returns:
 ttp://foo.bar.net/cgi-bin/fubar?fubar=foo%2fbar%2cfu
Should return:
 http://foo.bar.net/cgi-bin/fubar?fubar=foo/bar,fu

====================================================================== 

---------------------------------------------------------------------- 
 VEvgeniy - 09-11-06 23:38  
---------------------------------------------------------------------- 
You have delete "value1 == '/' ||" string in httpd.c function
decodeString.
I have fine result! 

---------------------------------------------------------------------- 
 vda - 11-29-06 07:59  
---------------------------------------------------------------------- 
Fixed in rev 16721 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
09-06-06 04:24  Zombie         New Issue                                    
09-06-06 04:24  Zombie         Status                   new => assigned     
09-06-06 04:24  Zombie         Assigned To               => BusyBox         
09-11-06 23:38  VEvgeniy       Note Added: 0001634                          
11-29-06 07:59  vda            Status                   assigned => closed  
11-29-06 07:59  vda            Note Added: 0001837                          
======================================================================




More information about the busybox-cvs mailing list