Fix client redirection and execute for non-ASCII characters
The client rejects unauthorized redirection and execute. Its
authorized check always fails for arguments with non-ASCII characters.
The culprit is ring_search(): It compares plain char to unsigned char,
which breaks when char is signed. Believed to be broken in commit
8b7d0b91, v4.3.11.
Note that non-ASCII characters only work in UTF-8 sessions. In ASCII
sessions, the server replaces them, and the authorized check fails.
Works as designed.
This commit is contained in:
parent
afb45d933e
commit
36015e8c0e
1 changed files with 2 additions and 1 deletions
|
|
@ -159,7 +159,8 @@ ring_search(struct ring *r, char *s)
|
|||
size_t i, j;
|
||||
|
||||
for (i = r->cons; i + len <= r->prod; i++) {
|
||||
for (j = 0; j < len && s[j] == r->buf[(i + j) % RING_SIZE]; j++) ;
|
||||
for (j = 0; s[j] && s[j] == (char)r->buf[(i + j) % RING_SIZE]; j++)
|
||||
;
|
||||
if (!s[j])
|
||||
return i - r->cons;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue