From e737cfc1fe5f6a5c587a2b03f2a25f3051be3137 Mon Sep 17 00:00:00 2001
From: Ahmed Abdelsalam <ahmed.abdelsalam@greenbone.net>
Date: Thu, 31 Oct 2024 15:15:16 +0100
Subject: [PATCH] Fix: Fix parsing of colons in formatted string CPE
 components.

---
 util/cpeutils.c       |  4 +++-
 util/cpeutils_tests.c | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/util/cpeutils.c b/util/cpeutils.c
index a70ff783..71088c6a 100644
--- a/util/cpeutils.c
+++ b/util/cpeutils.c
@@ -812,7 +812,9 @@ get_fs_component (const char *fs_cpe, int index)
     component_end = component_start;
   else
     {
-      for (c = component_start; *c != '\0' && *c != ':'; c++)
+      for (c = component_start;
+           *c != '\0' && !(*c == ':' && c > fs_cpe && *(c - 1) != '\\');
+           c++)
         ;
     }
 
diff --git a/util/cpeutils_tests.c b/util/cpeutils_tests.c
index cd97e39d..58efe074 100644
--- a/util/cpeutils_tests.c
+++ b/util/cpeutils_tests.c
@@ -215,6 +215,22 @@ Ensure (cpeutils, fs_cpe_to_uri_cpe)
   fs_cpe = "This is a ~:SIGNAL:~ test.";
   uri_cpe = fs_cpe_to_uri_cpe (fs_cpe);
   g_free (uri_cpe);
+
+  fs_cpe =
+    "cpe:2.3:a:9base_project:9base:1\\:6-6:*:*:*:*:*:*:*";
+  uri_cpe = fs_cpe_to_uri_cpe (fs_cpe);
+  assert_that (uri_cpe, is_equal_to_string (
+                          "cpe:/a:9base_project:9base:1%3A6-6"));
+  g_free (uri_cpe);
+
+  fs_cpe =
+    "cpe:2.3:a:app\\:\\:cpanminus_project:app\\:\\:cpanminus:1.7000:*:*:*:*:perl:*:*";
+  uri_cpe = fs_cpe_to_uri_cpe (fs_cpe);
+  assert_that (
+    uri_cpe,
+    is_equal_to_string (
+      "cpe:/a:app%3A%3Acpanminus_project:app%3A%3Acpanminus:1.7000::~~~perl~~"));
+  g_free (uri_cpe);
 }
 
 Ensure (cpeutils, cpe_struct_match)