From de7e50955dba711aeee33196bf2bfea3c47696f7 Mon Sep 17 00:00:00 2001 From: Noah Sanci Date: Fri, 16 Jul 2021 15:16:20 -0400 Subject: [PATCH] debuginfod: PR28034 - client-side %-escape url characters When requesting some source files, some URL-inconvenient chars sometimes pop up. Example from f33 libstdc++: /buildid/44d8485cb75512c2ca5c8f70afbd475cae30af4f/source/usr/src/debug/ gcc-10.3.1-1.fc33.x86_64/obj-x86_64-redhat-linux/x86_64-redhat-linux/ libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/ condition_variable.cc As this URL is passed into debuginfod's handler_cb, it appears that the + signs are helpfully unescaped to spaces by libmicrohttpd, which 'course breaks everything. In order to ensure the server properly parses urls such as this one, %-escape characters on the client side so that the correct url is preserved and properly processed on the server side. https://sourceware.org/bugzilla/show_bug.cgi?id=28034 Signed-off-by: Noah Sanci --- debuginfod/debuginfod-client.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index 7d4b220f..eb49b583 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -905,13 +905,25 @@ debuginfod_query_server (debuginfod_client *c, { /* PR28034 escape characters in completed url to %hh format. */ char *escaped_string; + char *loc; escaped_string = curl_easy_escape(data[i].handle, filename, 0); if (!escaped_string) { rc = -ENOMEM; goto out2; } - snprintf(data[i].url, PATH_MAX, "%s/%s/%s/%s", server_url, + + loc = strstr(escaped_string, "%2F"); + if (loc != NULL) + do + { + loc[0] = '/'; + // pull the string back after replacement + memmove(loc+1,loc+3,strlen(loc+3)); + escaped_string[strlen(escaped_string) - 1] = '\0'; + escaped_string[strlen(escaped_string) - 1] = '\0'; + } while( (loc = strstr(loc, "%2F")) ); + snprintf(data[i].url, PATH_MAX, "%s/%s/%s%s", server_url, build_id_bytes, type, escaped_string); curl_free(escaped_string); } -- 2.31.1