From: Jeremy Tan <jeremy@jx.tan.fake>
Date: Sun, 27 Oct 2013 07:45:46 +0000 (+0800)
Subject: Disallow control codes in urldecode
X-Git-Url: https://git.ucc.asn.au/?a=commitdiff_plain;h=55228cf69fb27bab7f3c1525ed02a2cec2a88861;p=matches%2FMCTX3420.git

Disallow control codes in urldecode
---

diff --git a/server/fastcgi.c b/server/fastcgi.c
index 94742bd..c246781 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -548,7 +548,7 @@ char *FCGI_EscapeText(char *buf)
 char *FCGI_URLDecode(char *buf)
 {
 	char *head = buf, *tail = buf;
-	char hex[3] = {0};
+	char val, hex[3] = {0};
 
 	while (*tail) {
 		if (*tail == '%') { //%hh hex to char
@@ -556,7 +556,9 @@ char *FCGI_URLDecode(char *buf)
 			if (isxdigit(*tail) && isxdigit(*(tail+1))) {
 				hex[0] = *tail++;
 				hex[1] = *tail++;
-				*head++ = (char)strtol(hex, NULL, 16);
+				char val = (char)strtol(hex, NULL, 16);
+				//Control codes --> Space character
+				*head++ = (val < 0x20) ? 0x20 : val;
 			} else { //Not valid format; keep original
 				head++;
 			}