[uri] Apply URI decoding for all parsed URIs

The various early-exit paths in parse_uri() accidentally bypass the URI field decoding. The result is that opaque or relative URIs do not undergo URI field decoding, resulting in double-encoding when the URIs are subsequently used. For example: #!ipxe set mac ${macstring} imgfetch /boot/by-mac/${mac:uristring} would result in an HTTP GET such as GET /boot/by-mac/00%253A0c%253A29%253Ac5%253A39%253Aa1 HTTP/1.1 rather than the expected GET /boot/by-mac/00%3A0c%3A29%3Ac5%3A39%3Aa1 HTTP/1.1 Fix by ensuring that URI decoding is always applied regardless of the URI format. Reported-by: Andrew Widdersheim <awiddersheim@inetu.net> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-24 15:23:42 +03:00 · 2016-01-26 16:16:13 +00:00
parent f0e9e55442
commit e55ec845e6
2 changed files with 15 additions and 1 deletions
--- a/src/tests/uri_test.c
+++ b/src/tests/uri_test.c
@@ -499,6 +499,18 @@ static struct uri_test uri_mailto = {
 	{ .scheme = "mailto", .opaque = "ipxe-devel@lists.ipxe.org" }
 };

+/** Basic path-only URI */
+static struct uri_test uri_path = {
+	"/var/lib/tftpboot/pxelinux.0",
+	{ .path = "/var/lib/tftpboot/pxelinux.0" },
+};
+
+/** Path-only URI with escaped characters */
+static struct uri_test uri_path_escaped = {
+	"/hello%20world%3F",
+	{ .path = "/hello world?" },
+};
+
 /** HTTP URI with all the trimmings */
 static struct uri_test uri_http_all = {
 	"http://anon:password@example.com:3001/~foo/cgi-bin/foo.pl?a=b&c=d#bit",
@@ -877,6 +889,8 @@ static void uri_test_exec ( void ) {
 	uri_parse_format_dup_ok ( &uri_empty );
 	uri_parse_format_dup_ok ( &uri_boot_ipxe_org );
 	uri_parse_format_dup_ok ( &uri_mailto );
+	uri_parse_format_dup_ok ( &uri_path );
+	uri_parse_format_dup_ok ( &uri_path_escaped );
 	uri_parse_format_dup_ok ( &uri_http_all );
 	uri_parse_format_dup_ok ( &uri_http_escaped );
 	uri_parse_ok ( &uri_http_escaped_improper ); /* Parse only */