in unsafe_char(), handle %NN with array-index inspection rather than weird

ptr++
ok claudio

diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index b50040d..7a29dfb 100644 (file)
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: fetch.c,v 1.203 2021/03/13 11:36:31 sthen Exp $       */
+/*     $OpenBSD: fetch.c,v 1.204 2021/03/29 03:34:52 deraadt Exp $     */
 /*     $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */
 
 /*-
@@ -128,7 +128,7 @@ unsafe_char(const char *c0)
             * hexadecimal digits.
             */
            strchr(unsafe_chars, *c) != NULL ||
-           (*c == '%' && (!isxdigit(*++c) || !isxdigit(*++c))));
+           (*c == '%' && (!isxdigit(c[1]) || !isxdigit(c[2]))));
 }
 
 /*

diff --git a/usr.sbin/rpki-client/http.c b/usr.sbin/rpki-client/http.c
index 8f49b74..a3c4cbb 100644 (file)
--- a/usr.sbin/rpki-client/http.c
+++ b/usr.sbin/rpki-client/http.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: http.c,v 1.9 2021/03/25 12:18:45 claudio Exp $  */
+/*      $OpenBSD: http.c,v 1.10 2021/03/29 03:34:52 deraadt Exp $  */
 /*
  * Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.com>
@@ -168,7 +168,7 @@ unsafe_char(const char *c0)
             * hexadecimal digits.
             */
            strchr(unsafe_chars, *c) != NULL ||
-           (*c == '%' && (!isxdigit(*++c) || !isxdigit(*++c))));
+           (*c == '%' && (!isxdigit(c[1]) || !isxdigit(c[2]))));
 }
 
 /*