Fix 0.9 not detected with query_string

CHANGES

@@ -1,3 +1,6 @@
+4.1:
+	Fix 0.9 not detected with query_string (Alyssa Milburn).
+
 4.0:
 	Fix directory traversal vulnerability (Alyssa Milburn).
 

eris.c

@@ -782,7 +782,6 @@ handle_request()
 		*(fsp++) = '.';
 		*(fsp++) = '/';
 		for (; *p != ' '; p += 1) {
-			if (! query_string) {
 			char c = *p;
 
 			switch (c) {
@@ -792,9 +791,9 @@ handle_request()
 					badrequest(505, "Version Not Supported", "HTTP/0.9 not supported");
 				case '?':
 					query_string = p + 1;
-						continue;
+					break;
 				case '%':
-						if (p[1] && p[2]) {
+					if ((! query_string) && p[1] && p[2]) {
 						int a = fromhex(p[1]);
 						int b = fromhex(p[2]);
 
@@ -806,11 +805,10 @@ handle_request()
 					break;
 			}
 
-				if (fsp - fspath + 1 < sizeof fspath) {
+			if ((! query_string) && (fsp - fspath + 1 < sizeof fspath)) {
 				*(fsp++) = c;
 			}
 		}
-		}
 		*fsp = 0;
 
 		/* Change "/." to "/:" to keep "hidden" files such and prevent directory traversal */

test.sh

@@ -112,6 +112,9 @@ printf 'GET / HTTP/1.0\n\n' | $HTTPD 2>/dev/null | grep -q 'james' && pass || fa
 title "No trailing slash"
 printf 'GET /empty HTTP/1.0\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q '301 Redirect#%.*Location: /empty/#%#%' && pass || fail
 
+title "No version after query_string"
+printf 'GET /?\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q 'HTTP/0.9' && pass || fail
+
 title "Logging /"
 (printf 'GET / HTTP/1.1\r\nHost: host\r\n\r\n' | 
     PROTO=TCP TCPREMOTEPORT=1234 TCPREMOTEIP=10.0.0.2 $HTTPD >/dev/null) 2>&1 | grep -q '^10.0.0.2:1234 200 6 host (null) (null) /$' && pass || fail