From ae1912cb0d494b48d514d937826c9fe83ec96c4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 29 Dec 1999 14:20:26 +0000 Subject: Initial revision --- lib/escape.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 lib/escape.h (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h new file mode 100644 index 000000000..bca4d8bd9 --- /dev/null +++ b/lib/escape.h @@ -0,0 +1,49 @@ +#ifndef __ESCAPE_H +#define __ESCAPE_H + +/***************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * The contents of this file are subject to the Mozilla Public License + * Version 1.0 (the "License"); you may not use this file except in + * compliance with the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the + * License for the specific language governing rights and limitations + * under the License. + * + * The Original Code is Curl. + * + * The Initial Developer of the Original Code is Daniel Stenberg. + * + * Portions created by the Initial Developer are Copyright (C) 1998. + * All Rights Reserved. + * + * ------------------------------------------------------------ + * Main author: + * - Daniel Stenberg + * + * http://curl.haxx.nu + * + * $Source$ + * $Revision$ + * $Date$ + * $Author$ + * $State$ + * $Locker$ + * + * ------------------------------------------------------------ + ****************************************************************************/ +/* Escape and unescape URL encoding in strings. The functions return a new + * allocated string or NULL if an error occurred. */ + +char *curl_escape(char *string); +char *curl_unescape(char *string); + +#endif -- cgit v1.2.1 From 96dde76b99897352aa3d0877a0b621a9e605733e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 22 May 2000 14:12:12 +0000 Subject: moved here from the newlib branch --- lib/escape.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index bca4d8bd9..5c080c209 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -44,6 +44,6 @@ * allocated string or NULL if an error occurred. */ char *curl_escape(char *string); -char *curl_unescape(char *string); +char *curl_unescape(char *string, int length); #endif -- cgit v1.2.1 From 1ef3600a0731fef8f59563a1e49981f1b64b9746 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 20 Jun 2000 15:31:26 +0000 Subject: haxx.nu => haxx.se --- lib/escape.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 5c080c209..74d7661a4 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -27,9 +27,9 @@ * * ------------------------------------------------------------ * Main author: - * - Daniel Stenberg + * - Daniel Stenberg * - * http://curl.haxx.nu + * http://curl.haxx.se * * $Source$ * $Revision$ -- cgit v1.2.1 From 24dee483e9e925c2ab79dd582f70c9a55ab9ba4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 3 Jan 2001 09:29:33 +0000 Subject: dual-license fix --- lib/escape.h | 39 +++++++++++---------------------------- 1 file changed, 11 insertions(+), 28 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 74d7661a4..45a862aaf 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -8,38 +8,21 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * The contents of this file are subject to the Mozilla Public License - * Version 1.0 (the "License"); you may not use this file except in - * compliance with the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ + * Copyright (C) 2000, Daniel Stenberg, , et al. * - * Software distributed under the License is distributed on an "AS IS" - * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the - * License for the specific language governing rights and limitations - * under the License. + * In order to be useful for every potential user, curl and libcurl are + * dual-licensed under the MPL and the MIT/X-derivate licenses. * - * The Original Code is Curl. + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the MPL or the MIT/X-derivate + * licenses. You may pick one of these licenses. * - * The Initial Developer of the Original Code is Daniel Stenberg. + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. * - * Portions created by the Initial Developer are Copyright (C) 1998. - * All Rights Reserved. - * - * ------------------------------------------------------------ - * Main author: - * - Daniel Stenberg - * - * http://curl.haxx.se - * - * $Source$ - * $Revision$ - * $Date$ - * $Author$ - * $State$ - * $Locker$ - * - * ------------------------------------------------------------ - ****************************************************************************/ + * $Id$ + *****************************************************************************/ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ -- cgit v1.2.1 From f8d883355d8a0965534ef8a6da99bd7195cf56d0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 22 Mar 2001 11:40:58 +0000 Subject: the new escape/unescape function setup --- lib/escape.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 45a862aaf..1ec5c7ddd 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -26,7 +26,7 @@ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ -char *curl_escape(char *string); +char *curl_escape(char *string, int length); char *curl_unescape(char *string, int length); #endif -- cgit v1.2.1 From 08655d8d5d0ea980227096366c231693198e61d6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 21 Aug 2001 13:18:07 +0000 Subject: Georg Huettenegger's patch curl-7.8.1-pre5-patch-20010819 --- lib/escape.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 1ec5c7ddd..cda6a65a2 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -26,7 +26,7 @@ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ -char *curl_escape(char *string, int length); -char *curl_unescape(char *string, int length); +char *curl_escape(const char *string, int length); +char *curl_unescape(const char *string, int length); #endif -- cgit v1.2.1 From 974f314f5785156af6983675aeb28313cc8ba2ea Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 19 Mar 2002 07:54:55 +0000 Subject: copyright string (year) update --- lib/escape.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index cda6a65a2..94ff4e5d9 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2000, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2002, Daniel Stenberg, , et al. * * In order to be useful for every potential user, curl and libcurl are * dual-licensed under the MPL and the MIT/X-derivate licenses. -- cgit v1.2.1 From ba4e69bebc8f7f32f3bc7faa1e13e7580754075b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 3 Sep 2002 11:52:59 +0000 Subject: updated source code boilerplate/header --- lib/escape.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 94ff4e5d9..5808207e8 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -1,7 +1,7 @@ #ifndef __ESCAPE_H #define __ESCAPE_H -/***************************************************************************** +/*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | * / __| | | | |_) | | @@ -10,19 +10,19 @@ * * Copyright (C) 1998 - 2002, Daniel Stenberg, , et al. * - * In order to be useful for every potential user, curl and libcurl are - * dual-licensed under the MPL and the MIT/X-derivate licenses. - * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the MPL or the MIT/X-derivate - * licenses. You may pick one of these licenses. + * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * $Id$ - *****************************************************************************/ + ***************************************************************************/ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ -- cgit v1.2.1 From f26a338a54e04d0a6907f5d2479d8b0fa9daf297 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 16 Jan 2003 21:08:12 +0000 Subject: copyright year update in the source header --- lib/escape.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 5808207e8..a74588f87 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2002, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2003, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From 053f6c85efd0bf698f73343989474d672d0563a8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 7 Jan 2004 09:19:33 +0000 Subject: updated year in the copyright string --- lib/escape.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index a74588f87..4d29236d0 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2003, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From 43b3954fa55083f0722144f7b6e1898ee93fb52b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 31 Oct 2005 08:47:54 +0000 Subject: kill trailing whitespace --- lib/escape.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 4d29236d0..d6dcd3d87 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -2,10 +2,10 @@ #define __ESCAPE_H /*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. @@ -13,7 +13,7 @@ * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at http://curl.haxx.se/docs/copyright.html. - * + * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. -- cgit v1.2.1 From bda1e9aeab019d003036a3ec24193605bc191b3a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 9 Jan 2006 13:17:14 +0000 Subject: Made the copyright year match the latest modification's year. --- lib/escape.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index d6dcd3d87..b37271ddd 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2004, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms -- cgit v1.2.1 From 5a4b43848ac21b3d831f00ce11136e20f820f0a0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 7 Apr 2006 21:50:47 +0000 Subject: First commit of David McCreedy's EBCDIC and TPF changes. --- lib/escape.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index b37271ddd..a0a0209c4 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2005, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,7 +26,5 @@ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ -char *curl_escape(const char *string, int length); -char *curl_unescape(const char *string, int length); #endif -- cgit v1.2.1 From 2309b4e330b96bc2e1f8e36b6184015e59544037 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 24 Mar 2010 11:02:54 +0100 Subject: remove the CVSish $Id$ lines --- lib/escape.h | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index a0a0209c4..04b06a973 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -21,7 +21,6 @@ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * - * $Id$ ***************************************************************************/ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ -- cgit v1.2.1 From 75ca568fa1c19de4c5358fed246686de8467c238 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 23 Dec 2011 13:24:16 +0100 Subject: URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich --- lib/escape.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib/escape.h') diff --git a/lib/escape.h b/lib/escape.h index 04b06a973..4c7f84133 100644 --- a/lib/escape.h +++ b/lib/escape.h @@ -1,5 +1,5 @@ -#ifndef __ESCAPE_H -#define __ESCAPE_H +#ifndef HEADER_CURL_ESCAPE_H +#define HEADER_CURL_ESCAPE_H /*************************************************************************** * _ _ ____ _ @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2006, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,5 +25,9 @@ /* Escape and unescape URL encoding in strings. The functions return a new * allocated string or NULL if an error occurred. */ +CURLcode Curl_urldecode(struct SessionHandle *data, + const char *string, size_t length, + char **ostring, size_t *olen, + bool reject_crlf); #endif -- cgit v1.2.1