empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix client redirection and execute for non-ASCII characters

Browse source 
The client rejects unauthorized redirection and execute.  Its
authorized check always fails for arguments with non-ASCII characters.
The culprit is ring_search(): It compares plain char to unsigned char,
which breaks when char is signed.  Believed to be broken in commit
8b7d0b91, v4.3.11.

Note that non-ASCII characters only work in UTF-8 sessions.  In ASCII
sessions, the server replaces them, and the authorized check fails.
Works as designed.
This commit is contained in:
Markus Armbruster 2011-07-02 17:17:53 +02:00
parent afb45d933e
commit 36015e8c0e
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/client/ringbuf.c
View file

@ -159,7 +159,8 @@ ring_search(struct ring *r, char *s)
size_t i, j; size_t i, j;
for (i = r->cons; i + len <= r->prod; i++) { for (i = r->cons; i + len <= r->prod; i++) {
for (j = 0; j < len && s[j] == r->buf[(i + j) % RING_SIZE]; j++) ; for (j = 0; s[j] && s[j] == (char)r->buf[(i + j) % RING_SIZE]; j++)
;
if (!s[j]) if (!s[j])
return i - r->cons; return i - r->cons;
} }