From 028d5f9639695599a98f59ef8a59e7f03bc135f7 Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Mon, 12 Nov 2012 15:50:25 +0100
Subject: [PATCH] yaz_uri_to_array: reject non-ASCII x-form names

---
 src/uri.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/uri.c b/src/uri.c
index bae9a0a..6db68e5 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -132,6 +132,13 @@ int yaz_uri_to_array(const char *path, ODR o, char ***name, char ***val)
     {
         cp++;
         no++;
+        while (*cp != '=')
+        {
+            /* check that x-form names looks sane */
+            if (*cp <= ' ' || *cp >= 127)
+                return 0;
+            cp++;
+        }
     }
     *name = (char **) odr_malloc(o, no * sizeof(char*));
     *val = (char **) odr_malloc(o, no * sizeof(char*));
-- 
1.7.10.4