bin/47629: libexec/httpd does not properly URL-escape directory names in index

[code%boerschig.net@localhost]

>Number:         47629
>Category:       bin
>Synopsis:       libexec/httpd does not properly URL-escape directory names in 
>index
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 08 12:55:00 +0000 2013
>Originator:     MB
>Release:        6.99.17
>Organization:
>Environment:
NetBSD vm 6.99.17 NetBSD 6.99.17 (XEN3PAE_DOMU) #0: Sat Feb 23 12:24:40 UTC 
2013  
builds%b8.netbsd.org@localhost:/home/builds/ab/HEAD/i386/201302230640Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/XEN3PAE_DOMU
 i386

>Description:
libexec/httpd does not fully escape the directory names in automatic generated 
indexes: directory names contain trailing garbage (len is initialized to 
strlen(url) and then incremented for the byte-to-byte copy)and some characters 
are not escaped.
>How-To-Repeat:
mkdir '()'
/usr/libexec/httpd -bfs -X . -I 8080
#clicking the '()' link in the generated index.html, the request fails
got request ``GET /%28)%C2%BE%10/ HTTP/1.1'' from host localhost to port 8080
# the URL should be '/%28%29'

>Fix:
diff --git a/libexec/httpd/bozohttpd.c b/libexec/httpd/bozohttpd.c
index 39b29c1..3ab446c 100644
--- a/libexec/httpd/bozohttpd.c
+++ b/libexec/httpd/bozohttpd.c
@@ -893,13 +893,14 @@ escape_rfc3986(bozohttpd_t *httpd, const char *url)
                case ',':
                case ';':
                case '=':
+               case '%':
                encode_it:
                        snprintf(d, 4, "%%%2X", *s++);
                        d += 3;
                        len += 3;
+                       break;
                default:
                        *d++ = *s++;
-                       len++;
                }
        }
        buf[len] = 0