uridecoding support optional semicolon as delimiter

author Andy Green <andy.green@linaro.org>

Fri, 18 Dec 2015 07:20:09 +0000 (15:20 +0800)

committer Andy Green <andy.green@linaro.org>

Fri, 18 Dec 2015 07:20:09 +0000 (15:20 +0800)
author Andy Green <andy.green@linaro.org>
Fri, 18 Dec 2015 07:20:09 +0000 (15:20 +0800)
committer Andy Green <andy.green@linaro.org>
Fri, 18 Dec 2015 07:20:09 +0000 (15:20 +0800)
diff --git a/lib/parsers.c b/lib/parsers.c

index bc69d2e..2f0f405 100644 (file)
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -324,7 +324,7 @@ int lws_parse(struct lws *wsi, unsigned char c)
                 switch (wsi->u.hdr.ups) {
                 case URIPS_IDLE:
                         /* genuine delimiter */
-                       if (c == '&' && !enc) {
+                       if ((c == '&' || c == ';') && !enc) {
                                 issue_char(wsi, c);
                                 /* swallow the terminator */
                                 ah->frags[ah->nfrag].len--;
diff --git a/test-server/attack.sh b/test-server/attack.sh

index dab8be7..5db93da 100755 (executable)
--- a/test-server/attack.sh
+++ b/test-server/attack.sh
@@ -84,6 +84,14 @@ check 3 "Root_Channels_1_Channel_location_http_post=?"
  check
  
  echo
+echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
+rm -f /tmp/lwscap
+echo -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
+check 1 "key1=value1"
+check
+
+
+echo
  echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)"
  rm -f /tmp/lwscap
  echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
author	Andy Green <andy.green@linaro.org>
	Fri, 18 Dec 2015 07:20:09 +0000 (15:20 +0800)
committer	Andy Green <andy.green@linaro.org>
	Fri, 18 Dec 2015 07:20:09 +0000 (15:20 +0800)
lib/parsers.c		patch \| blob \| history
test-server/attack.sh		patch \| blob \| history