------------------------------------------------------------
revno: 13058
revision-id: squid3@treenet.co.nz-20131215053333-un57sms1p98rw48t
parent: squid3@treenet.co.nz-20131215051846-ww8ofs7nmy1zcjz9
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.4
timestamp: Sat 2013-12-14 22:33:33 -0700
message:
  Regression in URL helper API
  
  The backward compatibility logics in redirect.cc are not working as
  intended on redirection URLs due to the presence of '=' in the URL and
  how the key=value name parsing is performed.
  
  A typical redirection URL looks like:
    http://example.com/?url=http://www.example.net/
  
  and 3.4 has a parser that splits tokens at '=' unconditionally and then
  passes the bits as a key and value to the redirector logics which
  complains that it does not understand the answer of the URL redirector.
  Or treats is an an unknown key=value with no redirection URL.
  
  Either case is handled as a no-redirection result from the helper.
  
  
  This limits the key names to alphanumeric, hyphen and underscore
  characters. Valid URL responses contain characters outside this set and
  should no longer be interpreted as keys regardless of the '=' character.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20131215053333-un57sms1p98rw48t
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: 5f9d642f99dca0a1ff333f175286e7e4e3c0671d
# timestamp: 2013-12-15 05:53:52 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squid3@treenet.co.nz-20131215051846-\
#   ww8ofs7nmy1zcjz9
# 
# Begin patch
=== modified file 'src/HelperReply.cc'
--- src/HelperReply.cc	2013-04-30 00:13:26 +0000
+++ src/HelperReply.cc	2013-12-15 05:33:33 +0000
@@ -127,13 +127,33 @@
     }
 }
 
+/// restrict key names to alphanumeric, hyphen, underscore characters
+static bool
+isKeyNameChar(char c)
+{
+    if (c >= 'a' && c <= 'z')
+        return true;
+
+    if (c >= 'A' && c <= 'Z')
+        return true;
+
+    if (c >= '0' && c <= '9')
+        return true;
+
+    if (c == '-' || c == '_')
+        return true;
+
+    // prevent other characters matching the key=value
+    return false;
+}
+
 void
 HelperReply::parseResponseKeys()
 {
     // parse a "key=value" pair off the 'other()' buffer.
     while (other().hasContent()) {
         char *p = modifiableOther().content();
-        while (*p && *p != '=' && *p != ' ') ++p;
+        while (*p && isKeyNameChar(*p)) ++p;
         if (*p != '=')
             return; // done. Not a key.