From: Adam Dickmeiss <adam@indexdata.dk>
Date: Mon, 12 Nov 2012 14:50:25 +0000 (+0100)
Subject: yaz_uri_to_array: reject non-ASCII x-form names
X-Git-Tag: v4.2.45~5^2~1
X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=commitdiff_plain;h=028d5f9639695599a98f59ef8a59e7f03bc135f7

yaz_uri_to_array: reject non-ASCII x-form names
---

diff --git a/src/uri.c b/src/uri.c
index bae9a0a..6db68e5 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -132,6 +132,13 @@ int yaz_uri_to_array(const char *path, ODR o, char ***name, char ***val)
     {
         cp++;
         no++;
+        while (*cp != '=')
+        {
+            /* check that x-form names looks sane */
+            if (*cp <= ' ' || *cp >= 127)
+                return 0;
+            cp++;
+        }
     }
     *name = (char **) odr_malloc(o, no * sizeof(char*));
     *val = (char **) odr_malloc(o, no * sizeof(char*));