The various early-exit paths in parse_uri() accidentally bypass the URI field decoding. The result is that opaque or relative URIs do not undergo URI field decoding, resulting in double-encoding when the URIs are subsequently used. For example: #!ipxe set mac ${macstring} imgfetch /boot/by-mac/${mac:uristring} would result in an HTTP GET such as GET /boot/by-mac/00%253A0c%253A29%253Ac5%253A39%253Aa1 HTTP/1.1 rather than the expected GET /boot/by-mac/00%3A0c%3A29%3Ac5%3A39%3Aa1 HTTP/1.1 Fix by ensuring that URI decoding is always applied regardless of the URI format. Reported-by: Andrew Widdersheim <awiddersheim@inetu.net> Signed-off-by: Michael Brown <mcb30@ipxe.org>tags/v1.20.1
|
|
||
419 |
|
419 |
|
420 |
|
420 |
|
421 |
|
421 |
|
|
422 |
|
|
422 |
|
423 |
|
423 |
|
424 |
|
424 |
|
425 |
|
425 |
|
426 |
|
426 |
|
|
|
427 |
|
427 |
|
428 |
|
428 |
|
429 |
|
429 |
|
|
|
||
499 |
|
499 |
|
500 |
|
500 |
|
501 |
|
501 |
|
|
502 |
|
|
|
503 |
|
|
|
504 |
|
|
|
505 |
|
|
|
506 |
|
|
|
507 |
|
|
|
508 |
|
|
|
509 |
|
|
|
510 |
|
|
|
511 |
|
|
|
512 |
|
|
|
513 |
|
|
502 |
|
514 |
|
503 |
|
515 |
|
504 |
|
516 |
|
|
|
||
877 |
|
889 |
|
878 |
|
890 |
|
879 |
|
891 |
|
|
892 |
|
|
|
893 |
|
|
880 |
|
894 |
|
881 |
|
895 |
|
882 |
|
896 |
|