VOMS / VOMS-700

canonicalize_string doesn't unescape encoded characters correctly


      The line

      *currentout++ = hex2num(first) << 4 + hex2num(second);
      

      does the wrong thing because the precedence of the operations implies

      *currentout++ = hex2num(first) << (4 + hex2num(second));
      

      and not the correct

      *currentout++= (hex2num(first) << 4) + hex2num(second);
      

      Alternatively | can be used instead of +

      *currentout++= hex2num(first) << 4 | hex2num(second);
      

      but parentheses do no harm.

      Luckily that piece of code is in fact never executed, because canonicalize_string is called by http_get in such a way that it is applied only to the string /generate-ac, i.e. it is not applied to the whole path including parameters, which most likely contain URL-escaped characters.
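The effect of the precedence error on a percent-decoder, as an added example that is not VOMS code: `hex2num`, `combine_buggy`, `combine_fixed` and `unescape` are hypothetical stand-ins written for this illustration, and the input string is constructed. The buggy form is written with explicit parentheses to show how the compiler parses the reported line.

```c
#include <stdio.h>
#include <string.h>

/* Assumed helper (not VOMS's own): value of a hex digit, -1 otherwise. */
static int hex2num(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* How the compiler parses the reported line: + binds tighter than <<. */
static unsigned char combine_buggy(char first, char second) {
    return (unsigned char)(hex2num(first) << (4 + hex2num(second)));
}

/* The corrected expression from the report. */
static unsigned char combine_fixed(char first, char second) {
    return (unsigned char)((hex2num(first) << 4) + hex2num(second));
}

typedef unsigned char (*combine_fn)(char, char);

/* Percent-decode in into out; returns byte count, -1 on bad escape or overflow. */
static int unescape(const char *in, char *out, size_t outlen, combine_fn combine) {
    size_t n = 0;
    if (outlen == 0) return -1;
    while (*in) {
        unsigned char c = (unsigned char)*in++;
        if (c == '%') {
            /* Short-circuit keeps us from reading past a truncated escape. */
            if (hex2num(in[0]) < 0 || hex2num(in[1]) < 0) return -1;
            c = combine(in[0], in[1]);
            in += 2;
        }
        if (n + 1 >= outlen) return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char a[32], b[32];
    unescape("/generate%2Dac", a, sizeof a, combine_fixed); /* constructed input */
    unescape("/generate%2Dac", b, sizeof b, combine_buggy);
    printf("fixed: \"%s\"  buggy: \"%s\"\n", a, b);
    return 0;
}
```

With the buggy combination `%2D` becomes a zero byte instead of `-`, so the decoded path is cut short when it is later handled as a C string.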

            giaco Francesco Giacomini