From 6360cbb001dc73a11c39e752aaf1fcd5fbf6504f Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Wed, 31 Mar 2010 22:03:34 +0200
Subject: cherry pick -r 1984..1985 lp:~donkult/apt/sid
---
apt-pkg/contrib/strutl.cc | 21 +++++++++++++++------
apt-pkg/contrib/strutl.h | 1 +
debian/changelog | 6 ++++++
3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc
index 8e8820949..b54758632 100644
--- a/apt-pkg/contrib/strutl.cc
+++ b/apt-pkg/contrib/strutl.cc
@@ -198,7 +198,8 @@ bool ParseQuoteWord(const char *&String,string &Res)
 char *I;
 for (I = Buffer; I < Buffer + sizeof(Buffer) && Start != C; I++)
 {
- if (*Start == '%' && Start + 2 < C)
+ if (*Start == '%' && Start + 2 < C &&
+ isxdigit(Start[1]) && isxdigit(Start[2]))
 {
 Tmp[0] = Start[1];
 Tmp[1] = Start[2];
@@ -273,7 +274,8 @@ string QuoteString(const string &Str, const char *Bad)
 for (string::const_iterator I = Str.begin(); I != Str.end(); I++)
 {
 if (strchr(Bad,*I) != 0 || isprint(*I) == 0 ||
- *I <= 0x20 || *I >= 0x7F)
+ *I == 0x25 || // percent '%' char
+ *I <= 0x20 || *I >= 0x7F) // control chars
 {
 char Buf[10];
 sprintf(Buf,"%%%02x",(int)*I);
@@ -289,11 +291,17 @@ string QuoteString(const string &Str, const char *Bad)
 // ---------------------------------------------------------------------
 /* This undoes QuoteString */
 string DeQuoteString(const string &Str)
+{
+ return DeQuoteString(Str.begin(),Str.end());
+}
+string DeQuoteString(string::const_iterator const &begin,
+ string::const_iterator const &end)
 {
 string Res;
- for (string::const_iterator I = Str.begin(); I != Str.end(); I++)
+ for (string::const_iterator I = begin; I != end; I++)
 {
- if (*I == '%' && I + 2 < Str.end())
+ if (*I == '%' && I + 2 < end &&
+ isxdigit(I[1]) && isxdigit(I[2]))
 {
 char Tmp[3];
 Tmp[0] = I[1];
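Review bot: The added `isxdigit(Start[1]) && isxdigit(Start[2])` in ParseQuoteWord passes a plain `char` to a <cctype> function, which is undefined for negative values, so a byte >= 0x80 right after a '%' is a problem wherever char is signed. Cast before the call: `isxdigit((unsigned char)Start[1]) && isxdigit((unsigned char)Start[2])`. The same applies to `isxdigit(I[1]) && isxdigit(I[2])` added in DeQuoteString, which this commit also starts feeding with the user and password part of a URI, so non-ASCII bytes should be expected there. ParseQuoteWord's body starts and ends outside the hunk.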
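Review bot: In QuoteString the escape written by `sprintf(Buf,"%%%02x",(int)*I);` is not guaranteed to be the two hex digits that the stricter decoders in this commit now require: where char is signed, a byte >= 0x80 is sign-extended and comes out as `%ffffffXX`, which would presumably decode as `%ff` followed by six literal characters. Converting through unsigned char keeps quote and dequote symmetric: `sprintf(Buf,"%%%02x",(unsigned char)*I);`. As a matter of style the new test reads more directly as `*I == '%'`, matching the comparisons in ParseQuoteWord and DeQuoteString. The loop body continues outside the hunk.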
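Review bot: In the new iterator overload of DeQuoteString, `I + 2 < end` forms an iterator past `end` when the '%' is the last character of the range, which is undefined and aborts under checked iterators; comparing distances avoids it: `if (*I == '%' && end - I > 2 &&`. The overload also has no comment of its own, since `/* This undoes QuoteString */` now sits above the one-line wrapper only; something like `// Decodes %XX escapes in [begin,end); only a '%' followed by two hex digits is treated as an escape` above the second definition would state the contract. The function body continues outside the hunk.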
@@ -1217,9 +1225,10 @@ void URI::CopyFrom(const string &U)
 else
 {
 Host.assign(At+1,SingleSlash);
- User.assign(FirstColon,SecondColon);
+ // username and password must be encoded (RFC 3986)
+ User.assign(DeQuoteString(FirstColon,SecondColon));
 if (SecondColon < At)
- Password.assign(SecondColon+1,At);
+ Password.assign(DeQuoteString(SecondColon+1,At));
 }
 // Now we parse the RFC 2732 [] hostnames.
diff --git a/apt-pkg/contrib/strutl.h b/apt-pkg/contrib/strutl.h
index a1e7f3934..a92c0a78f 100644
--- a/apt-pkg/contrib/strutl.h
+++ b/apt-pkg/contrib/strutl.h
@@ -45,6 +45,7 @@ bool ParseQuoteWord(const char *&String,string &Res);
 bool ParseCWord(const char *&String,string &Res);
 string QuoteString(const string &Str,const char *Bad);
 string DeQuoteString(const string &Str);
+string DeQuoteString(string::const_iterator const &begin, string::const_iterator const &end);
 string SizeToStr(double Bytes);
 string TimeToStr(unsigned long Sec);
 string Base64Encode(const string &Str);
diff --git a/debian/changelog b/debian/changelog
index 375ef6151..5eaafffb4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,12 @@ apt (0.7.25.3ubuntu5) UNRELEASED; urgency=low
 * cmdline/apt-get.cc:
 - try version match in FindSrc first exact than fuzzy (LP: #551178)
+ [ Jean-Baptiste Lallement ]
+ * apt-pkg/contrib/strutl.cc:
+ - always escape '%' (LP: #130289) (Closes: #500560)
+ - unescape '%' sequence only if followed by 2 hex digit
+ - username/password are urlencoded in proxy string (RFC 3986)
+
 -- Michael Vogt Wed, 31 Mar 2010 21:59:42 +0200
 apt (0.7.25.3ubuntu4) lucid; urgency=low
-- cgit v1.2.3
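Review bot: User and Password in URI::CopyFrom now hold decoded bytes, so any code that turns a URI back into a string has to re-encode them, otherwise a decoded '@', ':' or '/' changes how the result parses and an escape such as `%0d%0a` becomes a raw control character in the credential. That serialising code is not in this hunk, so it should be checked that it passes both fields through QuoteString. The comment also reads as if the code encodes; `// user and password arrive percent-encoded (RFC 3986), store them decoded` says what the two lines do. Existing configurations whose password contains a literal '%' followed by two hex digits will be read differently after this change, which deserves a line in the changelog. CopyFrom's body starts and ends outside the hunk.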