[BusyBox 0001022]: httpd -d returns incorrect result if URL contains %2f ('/')
bugs at busybox.net
bugs at busybox.net
Wed Sep 6 04:24:23 PDT 2006
The following issue has been SUBMITTED.
======================================================================
http://busybox.net/bugs/view.php?id=1022
======================================================================
Reported By: Zombie
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 1022
Category: Networking Support
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 09-06-2006 04:24 PDT
Last Modified: 09-06-2006 04:24 PDT
======================================================================
Summary: httpd -d returns incorrect result if URL contains
%2f ('/')
Description:
Bug was introduced in revision 12978
(http://www.busybox.net/cgi-bin/viewcvs.cgi?rev=12978&view=rev).
+ if(value1 == '/' || value1 == 0)
+ return orig+1;
This returns one more than the string pointer provided as an argument.
While this is used, presumably for a good reason, in the web server, this
results in incorrect decoding when using "httpd -d" to URL-decode a
string, i.e. the first character is dropped and translation is suspended.
Can be reproduced like this:
httpd -d 'http://foo.bar.net/cgi-bin/fubar?fubar=foo%2fbar%2cfu'
Returns:
ttp://foo.bar.net/cgi-bin/fubar?fubar=foo%2fbar%2cfu
Should return:
http://foo.bar.net/cgi-bin/fubar?fubar=foo/bar,fu
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
09-06-06 04:24 Zombie New Issue
09-06-06 04:24 Zombie Status new => assigned
09-06-06 04:24 Zombie Assigned To => BusyBox
======================================================================
More information about the busybox-cvs
mailing list