summaryrefslogtreecommitdiff
path: root/lib/escape.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2003-05-21 15:53:59 +0000
committerDaniel Stenberg <daniel@haxx.se>2003-05-21 15:53:59 +0000
commit23563255921b055db38867a997806d139039061e (patch)
tree537c1e45c59cce4b4cfdc0c53478d04b01ac75c8 /lib/escape.c
parentd78ec593fa817d1cc1728b87c06767216b9eabf5 (diff)
downloadcurl-23563255921b055db38867a997806d139039061e.tar.gz
David Balazic pointed out the lack of checks for a valid %XX code when
we unescape a string. We now check and decode only valid %XX strings.
Diffstat (limited to 'lib/escape.c')
-rw-r--r--lib/escape.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/lib/escape.c b/lib/escape.c
index 4dfdfa9a8..354b284e2 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -79,6 +79,10 @@ char *curl_escape(const char *string, int length)
return ns;
}
+#define ishex(in) ((in >= 'a' && in <= 'f') || \
+ (in >= 'A' && in <= 'F') || \
+ (in >= '0' && in <= '9'))
+
char *curl_unescape(const char *string, int length)
{
int alloc = (length?length:(int)strlen(string))+1;
@@ -93,13 +97,19 @@ char *curl_unescape(const char *string, int length)
while(--alloc > 0) {
in = *string;
- if('%' == in) {
- /* encoded part */
- if(sscanf(string+1, "%02X", &hex)) {
- in = hex;
- string+=2;
- alloc-=2;
- }
+ if(('%' == in) && ishex(string[1]) && ishex(string[2])) {
+ /* this is two hexadecimal digits following a '%' */
+ char hexstr[3];
+ char *ptr;
+ hexstr[0] = string[1];
+ hexstr[1] = string[2];
+ hexstr[2] = 0;
+
+ hex = strtol(hexstr, &ptr, 16);
+
+ in = hex;
+ string+=2;
+ alloc-=2;
}
ns[index++] = in;
@@ -109,6 +119,9 @@ char *curl_unescape(const char *string, int length)
return ns;
}
+/* For operating systems/environments that use different malloc/free
+ ssystems for the app and for this library, we provide a free that uses
+ the library's memory system */
void curl_free(void *p)
{
free(p);