Fixed: [PATCH 2/3] uhttpd URL-codec enhancements.

My apologies, the 2nd of those patches had a syntax error -- that's what
I get for making a last-minute edit, even to the comments, without
testing! :-p

Here is the corrected patch.

-- David

From d259cff104d2084455476b82e92a3a27524f4263 Mon Sep 17 00:00:00 2001
From: David Favro <openwrt@meta-dynamic.com>
Date: Fri, 27 Apr 2012 14:17:52 -0400
Subject: [PATCH] uhttpd URL-codec enhancements.

* uh_urlencode() and uh_urldecode() now return an error condition for
  buffer-overflow and malformed-encoding rather than normal return with corrupt
  or truncated data.  As HTTP request processing is currently implemented, this
  causes a 404 HTTP status returned to the client, while 400 is more
  appropriate.

* Exposed urlencode() to Lua.

* Lua's uhttpd.urlencode() and .urldecode() now raise an error condition for
  buffer-overflow and malformed-encoding rather than normal return with
  incorrect data.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/package/uhttpd/src@31570 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 4 insertions, 3 deletions

diff --git a/uhttpd.c b/uhttpd.c
index 9b96086..5d66e23 100644
--- a/uhttpd.c
+++ b/uhttpd.c
@@ -948,9 +948,10 @@ int main (int argc, char **argv)
 					for (opt = 0; optarg[opt]; opt++)
 						if (optarg[opt] == '+')
 							optarg[opt] = ' ';
-
-					memset(port, 0, strlen(optarg)+1);
-					uh_urldecode(port, strlen(optarg), optarg, strlen(optarg));
+					/* opt now contains strlen(optarg) -- no need to re-scan */
+					memset(port, 0, opt+1);
+					if (uh_urldecode(port, opt, optarg, opt) < 0)
+					    fprintf( stderr, "uhttpd: invalid encoding\n" );
 
 					printf("%s", port);
 					free(port);