url: do not allow %00 to represent NUL in URLs

matvore · gitster · commit d37dc239a427 · 2019-06-04T14:48:25.000-07:00
There is no reason to allow %00 to terminate a string, so do not allow it.
Otherwise, we end up returning arbitrary content in the string (that which is
after the %00) which is effectively hidden from callers and can escape sanity
checks and validation, and possible be used in tandem with a security
vulnerability to introduce a payload.

Helped-by: brian m. carlson &lt;sandals@crustytoothpaste.net&gt;
Signed-off-by: Matthew DeVore &lt;matvore@google.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/url.c b/url.c
@@ -48,7 +48,7 @@ static char *url_decode_internal(const char **query, int len,
 
 		if (c == '%' && (len < 0 || len >= 3)) {
 			int val = hex2chr(q + 1);
-			if (0 <= val) {
+			if (0 < val) {
 				strbuf_addch(out, val);
 				q += 3;
 				len -= 3;
