From c9f45677b585dabb3a83570e21426257d92746bd Mon Sep 17 00:00:00 2001
From: Bryan Honof <bryanhonof@gmail.com>
Date: Wed, 21 Aug 2024 16:57:06 +0200
Subject: [PATCH 1/2] fix: Error on malformed URI query parameter

Signed-off-by: Bryan Honof <bryanhonof@gmail.com>
---
 src/libutil/url.cc | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/libutil/url.cc b/src/libutil/url.cc
index bcbe9ea4e..78c832440 100644
--- a/src/libutil/url.cc
+++ b/src/libutil/url.cc
@@ -79,10 +79,15 @@ std::map<std::string, std::string> decodeQuery(const std::string & query)
 
     for (auto s : tokenizeString<Strings>(query, "&")) {
         auto e = s.find('=');
-        if (e != std::string::npos)
-            result.emplace(
-                s.substr(0, e),
-                percentDecode(std::string_view(s).substr(e + 1)));
+
+        if (e == std::string::npos) {
+            warn("invalid URI query '%s', did you forget an equals sign `=`?", s);
+            continue;
+        }
+
+        result.emplace(
+            s.substr(0, e),
+            percentDecode(std::string_view(s).substr(e + 1)));
     }
 
     return result;

From 9b1cefe27e542d890aa346996a03dfecd9793dfe Mon Sep 17 00:00:00 2001
From: Bryan Honof <bryanhonof@gmail.com>
Date: Wed, 28 Aug 2024 18:48:18 +0200
Subject: [PATCH 2/2] Update src/libutil/url.cc

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
---
 src/libutil/url.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libutil/url.cc b/src/libutil/url.cc
index 78c832440..8ef1857bb 100644
--- a/src/libutil/url.cc
+++ b/src/libutil/url.cc
@@ -81,7 +81,7 @@ std::map<std::string, std::string> decodeQuery(const std::string & query)
         auto e = s.find('=');
 
         if (e == std::string::npos) {
-            warn("invalid URI query '%s', did you forget an equals sign `=`?", s);
+            warn("dubious URI query '%s' is missing equal sign '%s'", s, "=");
             continue;
         }