bugfix determining that a URL encoding is illegal

2040b8a9 · Geoff Simmons · 30a16b53 · 2040b8a9 · 2040b8a9
Commit 2040b8a9 authored Apr 08, 2016 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 50 additions and 29 deletions

url.vtc src/tests/url.vtc +40 -27

url.c src/url.c +10 -2

No files found.
--- a/src/tests/url.vtc
+++ b/src/tests/url.vtc
@@ -214,32 +214,45 @@ client c1 {
 	expect resp.http.decmanypieces == "foo bar baz quux"
 } -run

-#varnish v1 -vcl {
-#	import blobcode from "${vmod_topbuild}/src/.libs/libvmod_blobcode.so";
-#	backend b { .host = "${bad_ip}"; }
-#
-#	sub vcl_recv {
-#	  return(synth(200));
-#	}
-#
-#	sub vcl_synth {
-#	  set req.http.foo = "123";
-#	  set resp.http.badurl = blobcode.encode(URLUC,
-#				 blobcode.decode(URL, "g" + req.http.foo));
-#	}
-#}
-
-#client c1 {
-#	txreq
-#	rxresp
-#	expect resp.http.badurl == ""
-#} -run
-
-#logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
-#        expect 0 * Begin req
-#        expect * = VCL_Error "^vmod blobcode error: cannot decode, illegal encoding beginning with \"g\"$"
+varnish v1 -vcl {
+	import blobcode from "${vmod_topbuild}/src/.libs/libvmod_blobcode.so";
+	backend b { .host = "${bad_ip}"; }
+
+	sub vcl_recv {
+	  return(synth(200));
+	}
+
+	sub vcl_synth {
+	  set resp.http.bad1 = blobcode.encode(URLUC, blobcode.decode(URL, "%"));
+	  set resp.http.bad2 = blobcode.encode(URLUC,
+					       blobcode.decode(URL, "%2"));
+	  set resp.http.bad3 = blobcode.encode(URLUC,
+					       blobcode.decode(URL, "%q"));
+	  set resp.http.bad4 = blobcode.encode(URLUC,
+					       blobcode.decode(URL, "%2q"));
+	}
+}
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.http.bad1 == ""
+	expect resp.http.bad2 == ""
+	expect resp.http.bad3 == ""
+	expect resp.http.bad4 == ""
+} -run
+
+logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
+        expect 0 * Begin req
+        expect * = VCL_Error "^vmod blobcode error: cannot decode, illegal encoding beginning with \"%\"$"
 #"
-#	expect * = End
-#} -start
+        expect * = VCL_Error "^vmod blobcode error: cannot decode, illegal encoding beginning with \"%2\"$"
+#"
+        expect * = VCL_Error "^vmod blobcode error: cannot decode, illegal encoding beginning with \"%q\"$"
+#"
+        expect * = VCL_Error "^vmod blobcode error: cannot decode, illegal encoding beginning with \"%2q\"$"
+#"
+	expect * = End
+} -start

-#logexpect l1 -wait
+logexpect l1 -wait
--- a/src/url.c
+++ b/src/url.c
@@ -94,6 +94,12 @@ isunreserved(const uint8_t c)
 	return (unreserved[c >> 3] & (1 << (c & 7)));
 }

+static inline int
+isoutofrange(const uint8_t c)
+{
+	return (c < '0' || c > 'f');
+}
+
 ssize_t
 url_encode(const enum encoding enc, char *restrict const buf,
 	   const size_t buflen, const char *restrict const in,
@@ -164,14 +170,16 @@ url_decode(const enum encoding dec, char *restrict const buf,
 					*dest++ = *s;
 				break;
 			case PERCENT:
-				if ((nib = nibble[*s - '0']) == 0xff) {
+				if (isoutofrange(*s)
+				    || (nib = nibble[*s - '0']) == 0xff) {
 					errno = EINVAL;
 					return -1;
 				}
 				state = FIRSTNIB;
 				break;
 			case FIRSTNIB:
-				if ((nib2 = nibble[*s - '0']) == 0xff) {
+				if (isoutofrange(*s)
+				    || (nib2 = nibble[*s - '0']) == 0xff) {
 					errno = EINVAL;
 					return -1;
 				}