16 lines
488 B
Diff
16 lines
488 B
Diff
diff --color -ruNp a/misc.c b/misc.c
|
|
--- a/misc.c 2025-12-09 17:16:21.637368818 +0100
|
|
+++ b/misc.c 2025-12-09 17:48:22.679192853 +0100
|
|
@@ -936,9 +936,10 @@ urldecode(const char *src)
|
|
*dst++ = ' ';
|
|
break;
|
|
case '%':
|
|
+ /* note: don't allow \0 characters */
|
|
if (!isxdigit((unsigned char)src[1]) ||
|
|
!isxdigit((unsigned char)src[2]) ||
|
|
- (ch = hexchar(src + 1)) == -1) {
|
|
+ (ch = hexchar(src + 1)) == -1 || ch == 0) {
|
|
free(ret);
|
|
return NULL;
|
|
}
|