mirrors/foot
1
0
Fork 0
mirror of https://codeberg.org/dnkl/foot.git synced 2026-05-29 21:38:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

uri-parse: fix out-of-bounds read with malformed %-encoded content

Browse source 
If the input URI ends with a trailing '%' (or a trailing '%N'), we
read outside the provided buffer.

On NULL terminated input, this happened to work out since we'd
correctly detect an invalid %-sequence as soon as we read the NULL
terminator.

On input that is not NULL terminated, we're out of luck.

This patch fixes this by also checking we have enough input left to
even _try_ to read the %-digits.

Also add unit tests for this particular case.

Closes #2353
This commit is contained in:
Daniel Eklöf 2026-05-22 10:59:26 +02:00
parent 5335cec322
commit 2eaa7beba1
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
2 changed files with 37 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -76,6 +76,13 @@
### Deprecated
### Removed
### Fixed
* Out-of-bounds read when parsing URIs with malformed %-encoded
content ([#2353][2353]).
[2353]: https://codeberg.org/dnkl/foot/issues/2353
### Security
### Contributors