Re: [evolution-patches] patch review for crash bug

From: Not Zed <notzed ximian com>
To: Jeffrey Stedfast <fejj ximian com>
Cc: calvin liu sun com, evolution-patches lists ximian com
Subject: Re: [evolution-patches] patch review for crash bug
Date: Tue, 02 Dec 2003 09:45:43 +1100

On Tue, 2003-12-02 at 09:13, Jeffrey Stedfast wrote:

On Mon, 2003-12-01 at 16:22, Not Zed wrote:
> An even better (there is never a proper :) fix would be:
> 
> if (*s == '%' && isxdigit(s[1]) && isxdigit(s[2])) {
> *d++ = (XDIGIT (s[1]) << 4) + XDIGIT (s[2]);
> s += 2;
> } else
> *d++ = *s;

not quite... what if we have %%<xdigit><xdigit> ? :)

ah, but this isn't printf format... so I dunno. in that case, it should
probably just skip the first % anyway then since it'd be illegal I
gather? what do the url specs say?

two %'s are illegal. yes. since it isn't valid there can't be any 'right' way to decode it.

since the url's are being created internally to evolution, there is a bug elsewhere, this patch is only to fix a security/crash problem for external url's. (i don't really gather how its crashing though).

References:
- [evolution-patches] patch review for crash bug
  - From: Calvin Liu
- Re: [evolution-patches] patch review for crash bug
  - From: Jeffrey Stedfast
- Re: [evolution-patches] patch review for crash bug
  - From: Not Zed
- Re: [evolution-patches] patch review for crash bug
  - From: Jeffrey Stedfast

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]