Overview

File 3182-inets-fix-an-error-regarding-decode-of-percent-encod.patch of Package erlang

From 5296ae6c4761f26600c05e447cb0bda78a93b602 Mon Sep 17 00:00:00 2001
From: Ao Song <andy@erlang.org>
Date: Wed, 12 Aug 2020 10:56:27 +0200
Subject: [PATCH] inets, fix an error regarding decode of percent encoded URLs.

Change-Id: I46116c477b0e299018217417a2e302ffa492553e
---
 lib/inets/src/http_server/httpd_util.erl | 10 ++++++----
 lib/inets/test/httpd_SUITE.erl           | 11 +++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/lib/inets/src/http_server/httpd_util.erl b/lib/inets/src/http_server/httpd_util.erl
index 05cff30243..ce7f184d09 100644
--- a/lib/inets/src/http_server/httpd_util.erl
+++ b/lib/inets/src/http_server/httpd_util.erl
@@ -406,10 +406,11 @@ flatlength([_H|T],L) ->
 flatlength([],L) ->
     L.
 
-%% split_path
+%% split_path, URI has been decoded once when validate
+%% and should only be decoded once(RFC3986, 2.4).
 
 split_path(URI) -> 
-    case uri_string:normalize(URI, [return_map]) of
+    case uri_string:parse(URI) of
        #{fragment := Fragment,
          path := Path,
          query := Query} ->
@@ -439,11 +440,12 @@ split_path([$/|Rest],SoFar) ->
 split_path([C|Rest],SoFar) ->
     split_path(Rest,[C|SoFar]).
 
-%% split_script_path
+%% split_script_path, URI has been decoded once when validate
+%% and should only be decoded once(RFC3986, 2.4).
 
 
 split_script_path(URI) -> 
-    case uri_string:normalize(URI, [return_map]) of
+    case uri_string:parse(URI) of
        #{fragment := _Fragment,
          path := _Path,
          query := _Query} ->
diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl
index 0634f6b63d..f4925e00b4 100644
--- a/lib/inets/test/httpd_SUITE.erl
+++ b/lib/inets/test/httpd_SUITE.erl
@@ -481,6 +481,17 @@ get(Config) when is_list(Config) ->
 				       proplists:get_value(node, Config),
 				       http_request("GET /open/ ", Version, Host),
 				       [{statuscode, 403},
+					{header, "Content-Type", "text/html"},
+					{header, "Date"},
+					{header, "Server"},
+					{version, Version}]),
+
+    ok = httpd_test_lib:verify_request(proplists:get_value(type, Config), Host,
+				       proplists:get_value(port, Config),
+				       transport_opts(Type, Config),
+				       proplists:get_value(node, Config),
+				       http_request("GET /.%252e/.%252e/.%252e/.%252e/.%252e/home/ ", Version, Host),
+				       [{statuscode, 404},
 					{header, "Content-Type", "text/html"},
 					{header, "Date"},
 					{header, "Server"},
-- 
2.26.2
openSUSE Build Service is sponsored by
Places