From a27c9a82546b040fbb8e5263003fd8fb33f1f1e0 Mon Sep 17 00:00:00 2001 From: Noah Sanci Date: Fri, 16 Jul 2021 15:16:20 -0400 Subject: [PATCH] debuginfod: PR28034 - client-side %-escape url characters When requesting some source files, some URL-inconvenient chars sometimes pop up. Example from f33 libstdc++: /buildid/44d8485cb75512c2ca5c8f70afbd475cae30af4f/source/usr/src/debug/ gcc-10.3.1-1.fc33.x86_64/obj-x86_64-redhat-linux/x86_64-redhat-linux/ libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/ condition_variable.cc As this URL is passed into debuginfod's handler_cb, it appears that the + signs are helpfully unescaped to spaces by libmicrohttpd, which 'course breaks everything. In order to ensure the server properly parses urls such as this one, %-escape characters on the client side so that the correct url is preserved and properly processed on the server side. https://sourceware.org/bugzilla/show_bug.cgi?id=28034 Signed-off-by: Noah Sanci --- debuginfod/debuginfod-client.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index 7d4b220f..73960424 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -906,12 +906,20 @@ debuginfod_query_server (debuginfod_client *c, /* PR28034 escape characters in completed url to %hh format. */ char *escaped_string; escaped_string = curl_easy_escape(data[i].handle, filename, 0); + char *loc = escaped_string; if (!escaped_string) { rc = -ENOMEM; goto out2; } - snprintf(data[i].url, PATH_MAX, "%s/%s/%s/%s", server_url, + + while( (loc = strstr(loc, "%2F")) ) + { + loc[0] = '/'; + // pull the string back after replacement + memmove(loc+1,loc+3,strlen(loc+3)+1); + } + snprintf(data[i].url, PATH_MAX, "%s/%s/%s%s", server_url, build_id_bytes, type, escaped_string); curl_free(escaped_string); } -- 2.31.1