diff options
author | Andy Green <andy@warmcat.com> | 2016-05-07 08:33:07 +0800 |
---|---|---|
committer | Andy Green <andy@warmcat.com> | 2016-05-07 08:33:07 +0800 |
commit | 9a90ed20acf49ad48a2c0aa6a91699007e31f4c8 (patch) | |
tree | 2058c28dfcf6d9d036adffe7b2156883976d0f27 | |
parent | d2feeee1d6badd4f2da90d8bea29f58e77e0d68b (diff) | |
download | libwebsockets-9a90ed20acf49ad48a2c0aa6a91699007e31f4c8.tar.gz libwebsockets-9a90ed20acf49ad48a2c0aa6a91699007e31f4c8.tar.bz2 libwebsockets-9a90ed20acf49ad48a2c0aa6a91699007e31f4c8.zip |
fix %3d handling in path part and add attack.sh
https://github.com/warmcat/libwebsockets/issues/518
Signed-off-by: Andy Green <andy@warmcat.com>
-rw-r--r-- | lib/parsers.c | 4 | ||||
-rwxr-xr-x | test-server/attack.sh | 13 |
2 files changed, 14 insertions, 3 deletions
diff --git a/lib/parsers.c b/lib/parsers.c index 0721a4b5..9ba3fd5c 100644 --- a/lib/parsers.c +++ b/lib/parsers.c @@ -635,7 +635,9 @@ lws_parse(struct lws *wsi, unsigned char c) goto swallow; } /* uriencoded = in the name part, disallow */ - if (c == '=' && enc && !wsi->u.hdr.post_literal_equal) + if (c == '=' && enc && + ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] && + !wsi->u.hdr.post_literal_equal) c = '_'; /* after the real =, we don't care how many = */ diff --git a/test-server/attack.sh b/test-server/attack.sh index 3bf4d675..a3732cb6 100755 --- a/test-server/attack.sh +++ b/test-server/attack.sh @@ -50,6 +50,14 @@ function check { fi fi + if [ "$1" == "0" ] ; then + a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep "get\ \ =" | tr -s ' ' | cut -d' ' -f4-`" + if [ "$a" != "$2" ] ; then + echo "URL path '$a' not $2" + exit 1 + fi + fi + if [ "$1" == "1" ] ; then a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f5-`" if [ "$a" != "$2" ] ; then @@ -106,9 +114,10 @@ check 1 "key1=value1" check echo -echo "---- ? processing (/test?key1%3d2=value1)" +echo "---- ? processing (/t%3dest?key1%3d2=value1)" rm -f /tmp/lwscap -echo -e "GET /test?key1%3d2=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap +echo -e "GET /t%3dest?key1%3d2=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap +check 0 "/t=est" check 1 "key1_2=value1" check |