mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-27 05:50:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
0510e8b58c
curl/lib/escape.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

235 lines
6.4 KiB
C
Raw Normal View History

updated source code boilerplate/header
2002-09-03 19:52:59 +08:00
/***************************************************************************
include header for our printfs
2004-06-24 22:35:45 +08:00
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
Initial revision
1999-12-29 22:20:26 +08:00
* \___|\___/|_| \_\_____|
*
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
2023-01-02 20:51:48 +08:00
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
Initial revision
1999-12-29 22:20:26 +08:00
*
updated source code boilerplate/header
2002-09-03 19:52:59 +08:00
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
curl.se: new home Closes #6172
2020-11-04 21:02:01 +08:00
* are also available at https://curl.se/docs/copyright.html.
include header for our printfs
2004-06-24 22:35:45 +08:00
*
dual-license fix
2001-01-03 17:29:33 +08:00
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
updated source code boilerplate/header
2002-09-03 19:52:59 +08:00
* furnished to do so, under the terms of the COPYING file.
Initial revision
1999-12-29 22:20:26 +08:00
*
dual-license fix
2001-01-03 17:29:33 +08:00
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
Initial revision
1999-12-29 22:20:26 +08:00
*
updated source code boilerplate/header
2002-09-03 19:52:59 +08:00
* SPDX-License-Identifier: curl
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
2022-05-17 17:16:50 +08:00
*
updated source code boilerplate/header
2002-09-03 19:52:59 +08:00
***************************************************************************/
Initial revision
1999-12-29 22:20:26 +08:00
/* Escape and unescape URL encoding in strings. The functions return a new
* allocated string or NULL if an error occurred. */
build: fix circular header inclusion with other packages This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-07 02:06:49 +08:00
#include "curl_setup.h"
stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h
2011-07-26 23:23:27 +08:00
in unescape(), '+' is now only converted to space after the first '?'
2000-08-31 20:03:04 +08:00
#include <curl/curl.h>
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-04 09:50:28 +08:00
#include "urldata.h"
#include "warnless.h"
#include "escape.h"
realloc: use Curl_saferealloc to avoid common mistakes Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
2016-11-07 17:55:25 +08:00
#include "strdup.h"
lib: include curl_printf.h as one of the last headers curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-29 21:46:40 +08:00
/* The last 3 #include files should be in this order */
mprintf.h: remove #ifdef CURLDEBUG ... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2015-03-03 19:36:18 +08:00
#include "curl_printf.h"
curl_memory: make curl_memory.h the second-last header file loaded This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-25 06:12:03 +08:00
#include "curl_memory.h"
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-04 09:50:28 +08:00
#include "memdebug.h"
added memory debugging include file
2000-10-09 19:12:34 +08:00
First commit of David McCreedy's EBCDIC and TPF changes.
2006-04-08 05:50:47 +08:00
/* for ABI-compatibility with previous versions */
Variable type cleanups to please the picky MIPSPro compiler.
2004-07-01 16:10:21 +08:00
char *curl_escape(const char *string, int inlength)
First commit of David McCreedy's EBCDIC and TPF changes.
2006-04-08 05:50:47 +08:00
{
return curl_easy_escape(NULL, string, inlength);
}
/* for ABI-compatibility with previous versions */
char *curl_unescape(const char *string, int length)
{
return curl_easy_unescape(NULL, string, length, NULL);
}
docs: explain curl_easy_escape/unescape curl handle is ignored 26101421 (precedes 7.82.0) removed character conversion support used by very old legacy operating systems and since then the curl handle passed to curl_easy_escape/unescape is always ignored. Bug: https://github.com/curl/curl/discussions/9115 Reported-by: Ted Lyngmo Closes https://github.com/curl/curl/pull/9121
2022-07-08 14:04:35 +08:00
/* Escapes for URL the given unescaped string of given length.
* 'data' is ignored since 7.82.0.
*/
typedefs: use the full structs in internal code... ... and save the typedef'ed names for headers and external APIs.
2016-06-22 01:31:24 +08:00
char *curl_easy_escape(struct Curl_easy *data, const char *string,
int inlength)
Initial revision
1999-12-29 22:20:26 +08:00
{
Variable type cleanups to please the picky MIPSPro compiler.
2004-07-01 16:10:21 +08:00
size_t length;
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300
2020-05-02 23:04:08 +08:00
struct dynbuf d;
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
2022-02-03 20:04:30 +08:00
(void)data;
Initial revision
1999-12-29 22:20:26 +08:00
curl_easy_escape: deny negative string lengths as input CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-09 04:59:54 +08:00
if(inlength < 0)
return NULL;
curl_easy_escape: limit output string length to 3 * max input ... instead of the limiting it to just the max input size. As every input byte can be expanded to 3 output bytes, this could limit the input string to 2.66 MB instead of the intended 8 MB. Reported-by: Marc Schlatter Closes #6192
2020-11-09 23:24:13 +08:00
Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3);
return NULL on out of memory
2004-05-12 21:04:30 +08:00
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300
2020-05-02 23:04:08 +08:00
length = (inlength?(size_t)inlength:strlen(string));
escape: zero length input should return a zero length output Regression added in 7.71.0. Fixes #5601 Reported-by: Kristoffer Gleditsch Closes #5602
2020-06-24 21:23:19 +08:00
if(!length)
return strdup("");
the new escape/unescape function setup
2001-03-22 19:40:58 +08:00
while(length--) {
escape: use table lookup when adding %-codes to output On my dev host, this code runs 7.8 times faster. Closes #10377
2023-01-31 19:34:08 +08:00
unsigned char in = *string++; /* treat the characters unsigned */
Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on non-ASCII systems.
2007-08-05 04:47:59 +08:00
escape: replace Curl_isunreserved with ISUNRESERVED - Use the ALLCAPS version of the macro so that it is clear a macro is being called that evaluates the variable multiple times. - Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates a variable multiple times. This is a follow-up to 291d225a which changed Curl_isunreserved into an alias macro for ISUNRESERVED. The problem is the former is not easily identified as a macro by the caller, which could lead to a bug. For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but Curl_isunreserved(*foo++) is not even though they both are the same. Closes https://github.com/curl/curl/pull/11846
2023-09-14 02:41:51 +08:00
if(ISUNRESERVED(in)) {
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300
2020-05-02 23:04:08 +08:00
/* append this */
if(Curl_dyn_addn(&d, &in, 1))
return NULL;
}
wrap long lines and do some indent policing
2010-01-23 07:21:39 +08:00
else {
the new escape/unescape function setup
2001-03-22 19:40:58 +08:00
/* encode it */
escape: use table lookup when adding %-codes to output On my dev host, this code runs 7.8 times faster. Closes #10377
2023-01-31 19:34:08 +08:00
const char hex[] = "0123456789ABCDEF";
char out[3]={'%'};
out[1] = hex[in>>4];
out[2] = hex[in & 0xf];
if(Curl_dyn_addn(&d, out, 3))
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300
2020-05-02 23:04:08 +08:00
return NULL;
the new escape/unescape function setup
2001-03-22 19:40:58 +08:00
}
}
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300
2020-05-02 23:04:08 +08:00
return Curl_dyn_ptr(&d);
Initial revision
1999-12-29 22:20:26 +08:00
}
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
static const unsigned char hextable[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, /* 0x30 - 0x3f */
0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x40 - 0x4f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x50 - 0x5f */
0, 10, 11, 12, 13, 14, 15 /* 0x60 - 0x66 */
};
/* the input is a single hex digit */
#define onehex2dec(x) hextable[x - '0']
Added const to some pointer variables
2008-10-08 09:17:51 +08:00
/*
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
* Curl_urldecode() URL decodes the given string.
*
* Returns a pointer to a malloced string in *ostring with length given in
* *olen. If length == 0, the length is assumed to be strlen(string).
*
escape: make the URL decode able to reject only %00 bytes ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
2020-06-23 22:13:50 +08:00
* ctrl options:
* - REJECT_NADA: accept everything
* - REJECT_CTRL: rejects control characters (byte codes lower than 32) in
* the data
* - REJECT_ZERO: rejects decoded zero bytes
*
* The values for the enum starts at 2, to make the assert detect legacy
* invokes that used TRUE/FALSE (0 and 1).
Added const to some pointer variables
2008-10-08 09:17:51 +08:00
*/
escape: make the URL decode able to reject only %00 bytes ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
2020-06-23 22:13:50 +08:00
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
2022-02-03 20:04:30 +08:00
CURLcode Curl_urldecode(const char *string, size_t length,
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
char **ostring, size_t *olen,
escape: make the URL decode able to reject only %00 bytes ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
2020-06-23 22:13:50 +08:00
enum urlreject ctrl)
Initial revision
1999-12-29 22:20:26 +08:00
{
url: accept "any length" credentials for proxy auth They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25 21:38:36 +08:00
size_t alloc;
char *ns;
include header for our printfs
2004-06-24 22:35:45 +08:00
url: accept "any length" credentials for proxy auth They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25 21:38:36 +08:00
DEBUGASSERT(string);
escape: make the URL decode able to reject only %00 bytes ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
2020-06-23 22:13:50 +08:00
DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */
url: accept "any length" credentials for proxy auth They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25 21:38:36 +08:00
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
alloc = (length?length:strlen(string));
ns = malloc(alloc + 1);
url: accept "any length" credentials for proxy auth They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25 21:38:36 +08:00
CURL_DOES_CONVERSIONS: cleanup Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
2011-04-20 06:48:20 +08:00
if(!ns)
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
return CURLE_OUT_OF_MEMORY;
include header for our printfs
2004-06-24 22:35:45 +08:00
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
/* store output string */
*ostring = ns;
while(alloc) {
cppcheck: fix warnings - Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
2018-06-03 04:52:56 +08:00
unsigned char in = *string;
Curl_urldecode: no peeking beyond end of input buffer Security problem: CVE-2013-2174 If a program would give a string like "%FF" to curl_easy_unescape() but ask for it to decode only the first byte, it would still parse and decode the full hex sequence. The function then not only read beyond the allowed buffer but it would also deduct the *unsigned* counter variable for how many more bytes there's left to read in the buffer by two, making the counter wrap. Continuing this, the function would go on reading beyond the buffer and soon writing beyond the allocated target buffer... Bug: http://curl.haxx.se/docs/adv_20130622.html Reported-by: Timo Sirainen
2013-05-20 05:24:29 +08:00
if(('%' == in) && (alloc > 2) &&
ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
David Balazic pointed out the lack of checks for a valid %XX code when we unescape a string. We now check and decode only valid %XX strings.
2003-05-21 23:53:59 +08:00
/* this is two hexadecimal digits following a '%' */
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
in = (unsigned char)(onehex2dec(string[1]) << 4) | onehex2dec(string[2]);
First commit of David McCreedy's EBCDIC and TPF changes.
2006-04-08 05:50:47 +08:00
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
string += 3;
alloc -= 3;
}
else {
string++;
alloc--;
the new escape/unescape function setup
2001-03-22 19:40:58 +08:00
}
code cleanup: We prefer 'CURLcode result'
2014-10-29 06:42:42 +08:00
escape: make the URL decode able to reject only %00 bytes ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
2020-06-23 22:13:50 +08:00
if(((ctrl == REJECT_CTRL) && (in < 0x20)) ||
((ctrl == REJECT_ZERO) && (in == 0))) {
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
Curl_safefree(*ostring);
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
return CURLE_URL_MALFORMAT;
}
include header for our printfs
2004-06-24 22:35:45 +08:00
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
*ns++ = in;
the new escape/unescape function setup
2001-03-22 19:40:58 +08:00
}
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
*ns = 0; /* terminate it */
First commit of David McCreedy's EBCDIC and TPF changes.
2006-04-08 05:50:47 +08:00
if(olen)
/* store output size */
escape: hex decode with a lookup-table Makes the decoding 2.8 times faster in my tests. Closes #10376
2023-01-31 16:36:07 +08:00
*olen = ns - *ostring;
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
return CURLE_OK;
}
/*
* Unescapes the given URL escaped string of given length. Returns a
* pointer to a malloced string with length given in *olen.
* If length == 0, the length is assumed to be strlen(string).
* If olen == NULL, no output length is stored.
docs: explain curl_easy_escape/unescape curl handle is ignored 26101421 (precedes 7.82.0) removed character conversion support used by very old legacy operating systems and since then the curl handle passed to curl_easy_escape/unescape is always ignored. Bug: https://github.com/curl/curl/discussions/9115 Reported-by: Ted Lyngmo Closes https://github.com/curl/curl/pull/9121
2022-07-08 14:04:35 +08:00
* 'data' is ignored since 7.82.0.
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
*/
typedefs: use the full structs in internal code... ... and save the typedef'ed names for headers and external APIs.
2016-06-22 01:31:24 +08:00
char *curl_easy_unescape(struct Curl_easy *data, const char *string,
int length, int *olen)
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
{
char *str = NULL;
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
2022-02-03 20:04:30 +08:00
(void)data;
curl_easy_unescape: deny negative string lengths as input CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14 05:00:50 +08:00
if(length >= 0) {
lib: fix some type mismatches and remove unneeded typecasts Many of these castings are unneeded if we change the variables to work better with each other. Ref: https://github.com/curl/curl/pull/9823 Closes https://github.com/curl/curl/pull/9835
2022-10-29 00:32:09 +08:00
size_t inputlen = (size_t)length;
curl_easy_unescape: deny negative string lengths as input CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14 05:00:50 +08:00
size_t outputlen;
lib: remove support for CURL_DOES_CONVERSIONS TPF was the only user and support for that was dropped. Closes #8378
2022-02-03 20:04:30 +08:00
CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen,
escape: make the URL decode able to reject only %00 bytes ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele
2020-06-23 22:13:50 +08:00
REJECT_NADA);
curl_easy_unescape: deny negative string lengths as input CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14 05:00:50 +08:00
if(res)
return NULL;
unescape: avoid integer overflow CVE-2016-8622 Bug: https://curl.haxx.se/docs/adv_20161102H.html Reported-by: Cure53
2016-10-05 00:56:45 +08:00
if(olen) {
if(outputlen <= (size_t) INT_MAX)
*olen = curlx_uztosi(outputlen);
else
/* too large to return in an int, fail! */
Curl_safefree(str);
}
curl_easy_unescape: deny negative string lengths as input CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14 05:00:50 +08:00
}
URL sanitize: reject URLs containing bad data Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2011-12-23 20:24:16 +08:00
return str;
Initial revision
1999-12-29 22:20:26 +08:00
}
Added formatting sections for emacs and vim
2001-09-07 12:01:32 +08:00
David Balazic pointed out the lack of checks for a valid %XX code when we unescape a string. We now check and decode only valid %XX strings.
2003-05-21 23:53:59 +08:00
/* For operating systems/environments that use different malloc/free
Factored out Curl_isalnum
2008-09-10 05:15:50 +08:00
systems for the app and for this library, we provide a free that uses
David Balazic pointed out the lack of checks for a valid %XX code when we unescape a string. We now check and decode only valid %XX strings.
2003-05-21 23:53:59 +08:00
the library's memory system */
Walter J. Mack added curl_free
2002-09-25 20:26:07 +08:00
void curl_free(void *p)
{
Bug #149: Deletion of unnecessary checks before calls of the function "free" The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-12 00:41:01 +08:00
free(p);
Walter J. Mack added curl_free
2002-09-25 20:26:07 +08:00
}
lib: provide and use Curl_hexencode Generates a lower case ASCII hex output from a binary input. Closes #11990
2023-09-30 00:06:49 +08:00
/*
* Curl_hexencode()
*
* Converts binary input to lowercase hex-encoded ASCII output.
* Null-terminated.
*/
void Curl_hexencode(const unsigned char *src, size_t len, /* input length */
unsigned char *out, size_t olen) /* output buffer size */
{
const char *hex = "0123456789abcdef";
DEBUGASSERT(src && len && (olen >= 3));
if(src && len && (olen >= 3)) {
while(len-- && (olen >= 3)) {
/* clang-tidy warns on this line without this comment: */
/* NOLINTNEXTLINE(clang-analyzer-core.UndefinedBinaryOperatorResult) */
*out++ = hex[(*src & 0xF0)>>4];
*out++ = hex[*src & 0x0F];
++src;
olen -= 2;
}
*out = 0;
}
else if(olen)
*out = 0;
}
Reference in New Issue Copy Permalink