diff options
author | Daniel Stenberg <daniel@haxx.se> | 2003-05-21 15:53:59 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2003-05-21 15:53:59 +0000 |
commit | 23563255921b055db38867a997806d139039061e (patch) | |
tree | 537c1e45c59cce4b4cfdc0c53478d04b01ac75c8 /lib/escape.c | |
parent | d78ec593fa817d1cc1728b87c06767216b9eabf5 (diff) | |
download | curl-23563255921b055db38867a997806d139039061e.tar.gz |
David Balazic pointed out the lack of checks for a valid %XX code when
we unescape a string. We now check and decode only valid %XX strings.
Diffstat (limited to 'lib/escape.c')
-rw-r--r-- | lib/escape.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/escape.c b/lib/escape.c index 4dfdfa9a8..354b284e2 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -79,6 +79,10 @@ char *curl_escape(const char *string, int length) return ns; } +#define ishex(in) ((in >= 'a' && in <= 'f') || \ + (in >= 'A' && in <= 'F') || \ + (in >= '0' && in <= '9')) + char *curl_unescape(const char *string, int length) { int alloc = (length?length:(int)strlen(string))+1; @@ -93,13 +97,19 @@ char *curl_unescape(const char *string, int length) while(--alloc > 0) { in = *string; - if('%' == in) { - /* encoded part */ - if(sscanf(string+1, "%02X", &hex)) { - in = hex; - string+=2; - alloc-=2; - } + if(('%' == in) && ishex(string[1]) && ishex(string[2])) { + /* this is two hexadecimal digits following a '%' */ + char hexstr[3]; + char *ptr; + hexstr[0] = string[1]; + hexstr[1] = string[2]; + hexstr[2] = 0; + + hex = strtol(hexstr, &ptr, 16); + + in = hex; + string+=2; + alloc-=2; } ns[index++] = in; @@ -109,6 +119,9 @@ char *curl_unescape(const char *string, int length) return ns; } +/* For operating systems/environments that use different malloc/free + ssystems for the app and for this library, we provide a free that uses + the library's memory system */ void curl_free(void *p) { free(p); |