1

We have a legacy IIS DLL that uses GetServerVariable (MSDN) to retrieve the value of UNENCODED_URL. When accessing the URL:

https://example.com/a%2Fb

the value retrieved will look like this:

/path/to/server.dll/a0.000000b

which is strange, because it should look like this:

/path/to/server.dll/a%2Fb

The LPEXTENSION_CONTROL_BLOCK's value of lpszPathInfo (MSDN) has the value:

/a/b

as expected.

Does anybody know why the UNENCODED_URL value looks like this and how can I retrieve the correct value?

digory doo
  • 1,978
  • 2
  • 23
  • 37
  • 1
    How are you determining the value? You’re not just using `printf` to display it? Because that would explain it – Sami Kuhmonen Jul 12 '18 at 06:50
  • I'm logging it to a file using some legacy technique. Good point, the logging may misinterprete it, I'll have a look. – digory doo Jul 12 '18 at 06:51

1 Answers1

3

If you’re using for example printf to output the value of the environment variable instead of using a debugger, or puts, that will explain it. %2f will be understood as a command to printf to output the first variable argument as a floating point number.

Always output strings with puts or other functions that do not alter the value.

Sami Kuhmonen
  • 30,146
  • 9
  • 61
  • 74
  • Or use `printf()` with the `%s` specifier to print strings that have `%` characters in them. NEVER pass arbitrary strings to the `format` parameter of `printf()`, only strings that you create yourself for the purpose of formatting. – Remy Lebeau Jul 12 '18 at 08:11