Welcome! Log In Create A New Profile

Advanced

[njs] A fix in decodeURI() and decodeURIComponent() functions.

Previous Message Next Message
Forum List Message List New Topic Print View
Igor Sysoev
October 24, 2016 08:06AM
details: http://hg.nginx.org/njs/rev/cec366d97854
branches:
changeset: 211:cec366d97854
user: Igor Sysoev <igor@sysoev.ru>
date: Sat Oct 22 20:24:32 2016 +0300
description:
A fix in decodeURI() and decodeURIComponent() functions.

Found with afl-fuzz.

diffstat:

njs/njs_string.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)

diffs (36 lines):

diff -r 7685bf403554 -r cec366d97854 njs/njs_string.c
--- a/njs/njs_string.c Fri Oct 21 23:03:02 2016 +0300
+++ b/njs/njs_string.c Sat Oct 22 20:24:32 2016 +0300
@@ -3070,7 +3070,6 @@ njs_string_decode(njs_vm_t *vm, njs_valu
byte = *src++;

if (byte == '%') {
-
size -= 2;

if (size <= 0) {
@@ -3117,6 +3116,8 @@ njs_string_decode(njs_vm_t *vm, njs_valu
byte = *src++;

if (byte == '%') {
+ size -= 2;
+
d0 = hex[*src++];
d1 = hex[*src++];
byte = (d0 << 4) + d1;
@@ -3124,7 +3125,6 @@ njs_string_decode(njs_vm_t *vm, njs_valu
utf8 |= (byte >= 0x80);

if ((reserve[byte >> 5] & ((uint32_t) 1 << (byte & 0x1f))) != 0) {
- size -= 2;
*dst++ = '%';
*dst++ = src[-2];
byte = src[-1];
@@ -3132,7 +3132,6 @@ njs_string_decode(njs_vm_t *vm, njs_valu
}

*dst++ = byte;
-
size--;

} while (size != 0);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[njs] A fix in decodeURI() and decodeURIComponent() functions.

Igor Sysoev 757 October 24, 2016 08:06AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 317
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready