yaz_uri_to_array: reject non-ASCII x-form names

author Adam Dickmeiss <adam@indexdata.dk>

Mon, 12 Nov 2012 14:50:25 +0000 (15:50 +0100)

committer Adam Dickmeiss <adam@indexdata.dk>

Mon, 12 Nov 2012 14:50:25 +0000 (15:50 +0100)
author Adam Dickmeiss <adam@indexdata.dk>
Mon, 12 Nov 2012 14:50:25 +0000 (15:50 +0100)
committer Adam Dickmeiss <adam@indexdata.dk>
Mon, 12 Nov 2012 14:50:25 +0000 (15:50 +0100)
diff --git a/src/uri.c b/src/uri.c

index bae9a0a..6db68e5 100644 (file)
--- a/src/uri.c
+++ b/src/uri.c
@@ -132,6 +132,13 @@ int yaz_uri_to_array(const char *path, ODR o, char ***name, char ***val)
      {
          cp++;
          no++;
      {
          cp++;
          no++;
+        while (*cp != '=')
+        {
+            /* check that x-form names looks sane */
+            if (*cp <= ' ' || *cp >= 127)
+                return 0;
+            cp++;
+        }
      }
      *name = (char **) odr_malloc(o, no * sizeof(char*));
      *val = (char **) odr_malloc(o, no * sizeof(char*));
      }
      *name = (char **) odr_malloc(o, no * sizeof(char*));
      *val = (char **) odr_malloc(o, no * sizeof(char*));
author	Adam Dickmeiss <adam@indexdata.dk>
	Mon, 12 Nov 2012 14:50:25 +0000 (15:50 +0100)
committer	Adam Dickmeiss <adam@indexdata.dk>
	Mon, 12 Nov 2012 14:50:25 +0000 (15:50 +0100)