Path: fix unsafe malformed string (#359)

actix-router/CHANGES.md

@@ -2,8 +2,10 @@
 
 ## Unreleased - 2021-xx-xx
 * When matching URL parameters, `%25` is kept in the percent-encoded form - no longer decoded to `%`. [#357]
+* Fixed a bug where the `Path` extractor returns unsafe malformed string due to malformed URL. [#359]
 
 [#357]: https://github.com/actix/actix-net/pull/357
+[#359]: https://github.com/actix/actix-net/pull/359
 
 
 ## 0.2.7 - 2021-02-06

actix-router/src/url.rs

@@ -170,11 +170,7 @@ impl Quoter {
             idx += 1;
         }
 
-        cloned.map(|data| {
+        cloned.map(|data| String::from_utf8_lossy(&data).into_owned())
-            // SAFETY: we get data from http::Uri, which does UTF-8 checks already
-            // this code only decodes valid pct encoded values
-            unsafe { String::from_utf8_unchecked(data) }
-        })
     }
 }
 
@@ -259,6 +255,16 @@ mod tests {
         assert_eq!(path.get("id").unwrap(), &test);
     }
 
+    #[test]
+    fn test_invalid_utf8() {
+        let invalid_utf8 = percent_encode((0x80..=0xff).collect::<Vec<_>>().as_slice());
+        let uri = Uri::try_from(format!("/{}", invalid_utf8)).unwrap();
+        let path = Path::new(Url::new(uri));
+
+        // We should always get a valid utf8 string
+        assert!(String::from_utf8(path.path().as_bytes().to_owned()).is_ok());
+    }
+
     #[test]
     fn test_from_hex() {
         let hex = b"0123456789abcdefABCDEF";