1.20b - URL parser now accounts for its own \.\ injection pattern. bugfix

2010-03-25 00:29:30 -04:00 · 2010-03-25 00:29:30 -04:00 · 50c87f0348
parent 00dcafb61c
commit 50c87f0348
3 changed files with 5 additions and 4 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Version 1.20b:
+Version 1.21b:
 --------------

  - URL parser now accounts for its own \.\ injection pattern.
--- a/config.h
+++ b/config.h
@ -23,7 +23,7 @@
 #ifndef _HAVE_CONFIG_H
 #define _HAVE_CONFIG_H

-#define VERSION "1.20b"
+#define VERSION "1.21b"

 #define USE_COLOR               1       /* Use terminal colors             */

--- a/http_client.c
+++ b/http_client.c
@ -497,12 +497,13 @@ void tokenize_path(u8* str, struct http_request* req, u8 add_slash) {
         probes. This is to avoid recursion if it actually worked in some
         way. */

-      if (!strncmp((char*)cur, "\\.\\", 3)) {
+      if (!strncmp((char*)cur, "\\.\\", 3) && (cur[3] == '/' || !cur[3])) {
        cur += 3;
        continue;
      }

-      if (!strncasecmp((char*)cur, "%5c.%5c", 7)) {
+      if (!strncasecmp((char*)cur, "%5c.%5c", 7) &&
+          (cur[7] == '/' || !cur[7])) {
        cur += 7;
        continue;
      }