openssh/openssh-8.7p1-reject-null-char-in-url-string.patch
Zoltan Fridrich 560bccf766 CVE-2025-61985: Reject URL-strings with NULL characters
Resolves: RHEL-128390

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-12-10 13:04:07 +01:00


diff --color -ruNp a/misc.c b/misc.c
--- a/misc.c 2025-12-09 17:16:21.637368818 +0100
+++ b/misc.c 2025-12-09 17:48:22.679192853 +0100
@@ -936,9 +936,10 @@ urldecode(const char *src)
*dst++ = ' ';
break;
case '%':
+ /* note: don't allow \0 characters */
if (!isxdigit((unsigned char)src[1]) ||
!isxdigit((unsigned char)src[2]) ||
- (ch = hexchar(src + 1)) == -1) {
+ (ch = hexchar(src + 1)) == -1 || ch == 0) {
free(ret);
return NULL;
}
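Review bot: the new `ch == 0` rejection in the `case '%':` condition arrives without a test, as this patch touches only misc.c. A regression test asserting that urldecode() returns NULL for an input containing `%00` would keep the check from being dropped in a later rebase. The added comment states the rule but not the reason; it could note that a decoded NUL stored in the output buffer would end the returned C string early, so callers would receive a shortened value instead of an error. Writing the comparison as `ch == '\0'` would also match the comment's wording.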