My apologies, the 2nd of those patches had a syntax error -- that's what
I get for making a last-minute edit, even to the comments, without
testing! :-p
Here is the corrected patch.
-- David
From d259cff104d2084455476b82e92a3a27524f4263 Mon Sep 17 00:00:00 2001
From: David Favro <openwrt@meta-dynamic.com>
Date: Fri, 27 Apr 2012 14:17:52 -0400
Subject: [PATCH] uhttpd URL-codec enhancements.
* uh_urlencode() and uh_urldecode() now return an error condition for
buffer-overflow and malformed-encoding rather than normal return with corrupt
or truncated data. As HTTP request processing is currently implemented, this
causes a 404 HTTP status returned to the client, while 400 is more
appropriate.
* Exposed urlencode() to Lua.
* Lua's uhttpd.urlencode() and .urldecode() now raise an error condition for
buffer-overflow and malformed-encoding rather than normal return with
incorrect data.
SVN-Revision: 31570
* Fixed output-buffer-overflow bug in uh_urlencode() and uh_urldecode() [tested
input-buffer index against output-buffer length]. In reality, this would not
typically cause an overflow on decode, where the output string would be
expected to be shorter than the input string; and uh_urlencode() seems to have
been unreferenced in the source.
* Fixed bug: uh_urlencode() and uh_urldecode() both read one extra byte from the
input-string. While this could manifest in C code, the result was most
egregious when called from Lua, where it caused an extra null byte to be
embedded at the end of the output string.
* uh_urlencode() cleanup: removed redundant bitwise-and.
Signed-off-by: David Favro <openwrt@meta-dynamic.com>
SVN-Revision: 31569
