[PATCH] Fix array subscription in unescape_url

Wed Jun 11 21:55:03 PDT 2014

Passwords with url escaped characters were parsed incorrectly. The
variable used for iterating over `url` should be `i`, not `pos`. This
patch fixes the problem.
---
 src/html.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/html.c b/src/html.c
index a573702..d433093 100644
--- a/src/html.c
+++ b/src/html.c
@@ -86,8 +86,8 @@ char *unescape_url(void *pool, const char *url, unsigned len, unsigned *out_len)
 			char b[3];
 			unsigned int u;
 
-			b[0] = url[pos + 1];
-			b[1] = url[pos + 2];
+			b[0] = url[i + 1];
+			b[1] = url[i + 2];
 			b[2] = 0;
 
 			if (sscanf(b, "%02x", &u) <= 0) {
-- 
2.0.0


