Merge branch 'md/url-parse-harden' into maint

The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * md/url-parse-harden: url: do not allow %00 to represent NUL in URLs url: do not read past end of buffer

Merge branch 'md/url-parse-harden' into maint
The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * md/url-parse-harden: url: do not allow %00 to represent NUL in URLs url: do not read past end of buffer
d7267d55 · Junio C Hamano · 167d02aa · d37dc239 · d7267d55
显示空白变更内容
内联并排

Showing with 2 addition and 2 deletion

url.c url.c +2 -2

未找到文件。
--- a/url.c
+++ b/url.c
@@ -46,9 +46,9 @@ static char *url_decode_internal(const char **query, int len,
 			break;
 		}

-		if (c == '%') {
+		if (c == '%' && (len < 0 || len >= 3)) {
 			int val = hex2chr(q + 1);
-			if (0 <= val) {
+			if (0 < val) {
 				strbuf_addch(out, val);
 				q += 3;
 				len -= 3;