Page MenuHome GnuPG
Create Task
Maniphest T1841

gpg-connect-agent: percent+ function doesn't encode '+'
Closed, ResolvedPublic
Actions

Description

in https://bugs.debian.org/778480, Michael Gold writes:

  The 'percent+' function URL-encodes its argument and replaces spaces
  with plus signs.  But it doesn't encode plus signs in its argument;
  e.g.,
    gpg-connect-agent --subst '/echo ${percent+ foo+ bar}' /bye
  prints
    foo++bar
  which would decode to "foo  bar" instead of "foo+ bar".

  Plus signs should be encoded as %2b to make the encoding reversible.
  The above command should print "foo%2b+bar".

  When calling jnlib/stringhelp.c:percent_escape from gpg-connect-agent.c,
  '+' could be added to the 'extra' argument to do this.  But I think it
  would be preferable for percent_escape to always encode '+', like ':'
  and '%' (unpercent_string will decode arbitrary hex values).  Actually,
  there's a function percent_plus_escape in common/percent.c that appears
  to do it properly.

This appears to be the case in 2.1.2 as well.

Details

External Link
https://bugs.debian.org/778480
Version
2.0.26

Event Timeline

dkg added projects: gnupg, Bug Report, Debian.Feb 16 2015, 9:57 AM
dkg set Version to 2.0.26.
dkg added a subscriber: dkg.
werner added a subscriber: werner.May 11 2015, 7:42 PM

I have fixed it for the gca functions percent and percent+ but won't do it in
the generic percent_exacpe C function. Changing the latter may introduce
regressions.

Fixed for 2.0 and 2.1.

werner set External Link to https://bugs.debian.org/778480.May 11 2015, 7:42 PM
werner added a project: Restricted Project.
werner closed this task as Resolved.Sep 21 2015, 8:53 AM
werner claimed this task.
werner removed a project: Restricted Project.