https://issues.shibboleth.net/jira/browse/SSPCPP-239

diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index d0b776c..bc1d5b3 100644 (file)
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -241,7 +241,7 @@ CgiParse::url_decode(char *url)
 
     for(x=0,y=0;url[y];++x,++y)
     {
-        if((url[x] = url[y]) == '%')
+        if((url[x] = url[y]) == '%' && isxdigit(url[y+1]) && isxdigit(url[y+2]))
         {
             url[x] = x2c(&url[y+1]);
             y+=2;
@@ -257,7 +257,7 @@ static inline char hexchar(unsigned short s)
 
 string CgiParse::url_encode(const char* s)
 {
-    static char badchars[]="\"\\+<>#%{}|^~[]`;/?:@=&";
+    static char badchars[]="\"\\+<>#%{}|^~[]`,;/?:@=&";
 
     string ret;
     for (; *s; s++) {

diff --git a/shib-target/shib-handlers.cpp b/shib-target/shib-handlers.cpp
index 84c742d..701a9dd 100644 (file)
--- a/shib-target/shib-handlers.cpp
+++ b/shib-target/shib-handlers.cpp
@@ -522,7 +522,7 @@ CgiParse::url_decode(char *url)
 
     for(x=0,y=0;url[y];++x,++y)
     {
-        if((url[x] = url[y]) == '%')
+        if((url[x] = url[y]) == '%' && isxdigit(url[y+1]) && isxdigit(url[y+2]))
         {
             url[x] = x2c(&url[y+1]);
             y+=2;
@@ -538,7 +538,7 @@ static inline char hexchar(unsigned short s)
 
 string CgiParse::url_encode(const char* s)
 {
-    static char badchars[]="\"\\+<>#%{}|^~[]()'`;/?:@=&";
+    static char badchars[]="\"\\+<>#%{}|^~[](),'`;/?:@=&";
 
     string ret;
     for (; *s; s++) {