diff options
Diffstat (limited to 'lib/escape.c')
| -rw-r--r-- | lib/escape.c | 63 |
1 files changed, 50 insertions, 13 deletions
diff --git a/lib/escape.c b/lib/escape.c index b0922bc93..0dd5a1d0a 100644 --- a/lib/escape.c +++ b/lib/escape.c @@ -31,6 +31,7 @@ #include "urldata.h" #include "warnless.h" #include "non-ascii.h" +#include "escape.h" #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> @@ -84,7 +85,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength) char *testing_ptr = NULL; unsigned char in; /* we need to treat the characters unsigned */ size_t newlen = alloc; - int strindex=0; + size_t strindex=0; size_t length; CURLcode res; @@ -132,23 +133,29 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength) } /* - * Unescapes the given URL escaped string of given length. Returns a - * pointer to a malloced string with length given in *olen. - * If length == 0, the length is assumed to be strlen(string). - * If olen == NULL, no output length is stored. + * Curl_urldecode() URL decodes the given string. + * + * Optionally detects control characters (byte codes lower than 32) in the + * data and rejects such data. + * + * Returns a pointer to a malloced string in *ostring with length given in + * *olen. If length == 0, the length is assumed to be strlen(string). + * */ -char *curl_easy_unescape(CURL *handle, const char *string, int length, - int *olen) +CURLcode Curl_urldecode(struct SessionHandle *data, + const char *string, size_t length, + char **ostring, size_t *olen, + bool reject_ctrl) { - int alloc = (length?length:(int)strlen(string))+1; + size_t alloc = (length?length:strlen(string))+1; char *ns = malloc(alloc); unsigned char in; - int strindex=0; + size_t strindex=0; unsigned long hex; CURLcode res; if(!ns) - return NULL; + return CURLE_OUT_OF_MEMORY; while(--alloc > 0) { in = *string; @@ -164,16 +171,20 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length, in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */ - res = Curl_convert_from_network(handle, &in, 1); + res = Curl_convert_from_network(data, &in, 1); if(res) { /* Curl_convert_from_network calls failf if unsuccessful */ free(ns); - return NULL; + return res; } string+=2; alloc-=2; } + if(reject_ctrl && (in < 0x20)) { + free(ns); + return CURLE_URL_MALFORMAT; + } ns[strindex++] = in; string++; @@ -183,7 +194,33 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length, if(olen) /* store output size */ *olen = strindex; - return ns; + + if(ostring) + /* store output string */ + *ostring = ns; + + return CURLE_OK; +} + +/* + * Unescapes the given URL escaped string of given length. Returns a + * pointer to a malloced string with length given in *olen. + * If length == 0, the length is assumed to be strlen(string). + * If olen == NULL, no output length is stored. + */ +char *curl_easy_unescape(CURL *handle, const char *string, int length, + int *olen) +{ + char *str = NULL; + size_t inputlen = length; + size_t outputlen; + CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen, + FALSE); + if(res) + return NULL; + if(olen) + *olen = curlx_uztosi(outputlen); + return str; } /* For operating systems/environments that use different malloc/free |