The client rejects unauthorized redirection and execute. Its
authorized check always fails for arguments with non-ASCII characters.
The culprit is ring_search(): It compares plain char to unsigned char,
which breaks when char is signed. Believed to be broken in commit
8b7d0b91, v4.3.11.
Note that non-ASCII characters only work in UTF-8 sessions. In ASCII
sessions, the server replaces them, and the authorized check fails.
Works as designed.
size_t i, j;
for (i = r->cons; i + len <= r->prod; i++) {
- for (j = 0; j < len && s[j] == r->buf[(i + j) % RING_SIZE]; j++) ;
+ for (j = 0; s[j] && s[j] == (char)r->buf[(i + j) % RING_SIZE]; j++)
+ ;
if (!s[j])
return i - r->cons;
}