narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[uri] Apply URI decoding for all parsed URIs 

The various early-exit paths in parse_uri() accidentally bypass the
URI field decoding.  The result is that opaque or relative URIs do not
undergo URI field decoding, resulting in double-encoding when the URIs
are subsequently used.  For example:

  #!ipxe
  set mac ${macstring}
  imgfetch /boot/by-mac/${mac:uristring}

would result in an HTTP GET such as

  GET /boot/by-mac/00%253A0c%253A29%253Ac5%253A39%253Aa1 HTTP/1.1

rather than the expected

  GET /boot/by-mac/00%3A0c%3A29%3Ac5%3A39%3Aa1 HTTP/1.1

Fix by ensuring that URI decoding is always applied regardless of the
URI format.

Reported-by: Andrew Widdersheim <awiddersheim@inetu.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/45/head
Michael Brown 2016-01-26 16:16:13 +00:00
parent f0e9e55442
commit e55ec845e6
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/uri.c
View File

@ -419,11 +419,11 @@ struct uri * parse_uri ( const char *uri_string ) {
uri->port = tmp; uri->port = tmp;
} }
done:
/* Decode fields in-place */ /* Decode fields in-place */
for ( field = 0 ; field < URI_FIELDS ; field++ ) for ( field = 0 ; field < URI_FIELDS ; field++ )
uri_decode_inplace ( uri, field ); uri_decode_inplace ( uri, field );
done:
DBGC ( uri, "URI parsed \"%s\" to", uri_string ); DBGC ( uri, "URI parsed \"%s\" to", uri_string );
uri_dump ( uri ); uri_dump ( uri );
DBGC ( uri, "\n" ); DBGC ( uri, "\n" );

14
src/tests/uri_test.c
View File

@ -499,6 +499,18 @@ static struct uri_test uri_mailto = {
{ .scheme = "mailto", .opaque = "ipxe-devel@lists.ipxe.org" } { .scheme = "mailto", .opaque = "ipxe-devel@lists.ipxe.org" }
}; };
/** Basic path-only URI */
static struct uri_test uri_path = {
"/var/lib/tftpboot/pxelinux.0",
{ .path = "/var/lib/tftpboot/pxelinux.0" },
};
/** Path-only URI with escaped characters */
static struct uri_test uri_path_escaped = {
"/hello%20world%3F",
{ .path = "/hello world?" },
};
/** HTTP URI with all the trimmings */ /** HTTP URI with all the trimmings */
static struct uri_test uri_http_all = { static struct uri_test uri_http_all = {
"http://anon:password@example.com:3001/~foo/cgi-bin/foo.pl?a=b&c=d#bit", "http://anon:password@example.com:3001/~foo/cgi-bin/foo.pl?a=b&c=d#bit",
@ -877,6 +889,8 @@ static void uri_test_exec ( void ) {
uri_parse_format_dup_ok ( &uri_empty ); uri_parse_format_dup_ok ( &uri_empty );
uri_parse_format_dup_ok ( &uri_boot_ipxe_org ); uri_parse_format_dup_ok ( &uri_boot_ipxe_org );
uri_parse_format_dup_ok ( &uri_mailto ); uri_parse_format_dup_ok ( &uri_mailto );
uri_parse_format_dup_ok ( &uri_path );
uri_parse_format_dup_ok ( &uri_path_escaped );
uri_parse_format_dup_ok ( &uri_http_all ); uri_parse_format_dup_ok ( &uri_http_all );
uri_parse_format_dup_ok ( &uri_http_escaped ); uri_parse_format_dup_ok ( &uri_http_escaped );
uri_parse_ok ( &uri_http_escaped_improper ); /* Parse only */ uri_parse_ok ( &uri_http_escaped_improper ); /* Parse only */