Alex Fishman reported a curl_easy_escape() problem that was made the

function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a signed / unsigned mistake in the code. I fixed it and added test case 543 to verify.
2025-02-23 15:10:03 +08:00 · 2007-09-30 22:40:24 +00:00 · 2007-09-30 22:40:24 +00:00 · ec08e2f9f2
commit ec08e2f9f2
parent 38dd0ede9d
7 changed files with 82 additions and 6 deletions
--- a/6
+++ b/6
@ -6,6 +6,12 @@
                                  Changelog
 Daniel S (1 October 2007)
 - Alex Fishman reported a curl_easy_escape() problem that was made the
  function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
  signed / unsigned mistake in the code. I fixed it and added test case 543 to
  verify.
 Daniel S (29 September 2007)
 - Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
--- a/5
+++ b/5
@ -27,7 +27,8 @@ This release includes the following bugfixes:
 o --ftp-method nocwd on directory listings
 o FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE
   before SIZE
- o persistent transfers over SFTP
+ o re-used handle transfers with SFTP
 o curl_easy_escape() problem with byte values >= 128
 This release includes the following known bugs:
@ -45,6 +46,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 Dan Fandrich, Michal Marek, Günter Knauf, Rob Crittenden, Immanuel Gregoire,
- Mark Davies, Max Katsev, Philip Langdale
+ Mark Davies, Max Katsev, Philip Langdale, Alex Fishman
        Thanks! (and sorry if I forgot to mention someone)
--- a/lib/escape.c
+++ b/lib/escape.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -59,7 +59,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
  size_t alloc = (inlength?(size_t)inlength:strlen(string))+1;
  char *ns;
  char *testing_ptr = NULL;
-  char in;
+  unsigned char in; /* we need to treat the characters unsigned */
  size_t newlen = alloc;
  int strindex=0;
  size_t length;
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@ -44,4 +44,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
 test409 test613 test614 test700 test701 test702 test704 test705 test703   \
 test706 test707 test350 test351 test352 test353 test289 test540 test354   \
 test231 test1000 test1001 test1002 test1003 test1004 test1005 test1006    \
- test615 test1007 test541 test1010 test1011 test1012
+ test615 test1007 test541 test1010 test1011 test1012 test542 test543
--- a/tests/data/test543
+++ b/tests/data/test543
@ -0,0 +1,35 @@
 <testcase>
 <info>
 <keywords>
 curl_easy_escape
 </keywords>
 </info>
 # Server-side
 # Client-side
 <client>
 <server>
 none
 </server>
 <tool>
 lib543
 </tool>
 <name>
 curl_easy_escape
 </name>
 <command>
 -
 </command>
 </client>
 # Verify data after the test has been "shot"
 #
 # There's no MTDM in the protocol here since this code doesn't ask for the
 # time/date of the file
 <verify>
 <stdout>
 %9C%26K%3DI%04%A1%01%E0%D8%7C%20%B7%EFS%29%FA%1DW%E1
 </stdout>
 </verify>
 </testcase>
--- a/tests/libtest/Makefile.am
+++ b/tests/libtest/Makefile.am
@ -47,7 +47,7 @@ SUPPORTFILES = first.c test.h
 noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506	\
  lib507 lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516	\
  lib517 lib518 lib519 lib520 lib521 lib523 lib524 lib525 lib526 lib527	\
-  lib529 lib530 lib532 lib533 lib536 lib537 lib540 lib541 lib542
+  lib529 lib530 lib532 lib533 lib536 lib537 lib540 lib541 lib542 lib543
 # Dependencies (may need to be overriden)
 LDADD = $(LIBDIR)/libcurl.la
@ -130,3 +130,5 @@ lib540_SOURCES = lib540.c $(SUPPORTFILES)
 lib541_SOURCES = lib541.c $(SUPPORTFILES)
 lib542_SOURCES = lib542.c $(SUPPORTFILES)
 lib543_SOURCES = lib543.c $(SUPPORTFILES)
--- a/tests/libtest/lib543.c
+++ b/tests/libtest/lib543.c
@ -0,0 +1,32 @@
 /*****************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * $Id$
 *
 * Based on Alex Fishman's bug report on September 30, 2007
 */
 #include "setup.h"
 #include "test.h"
 int test(char *URL)
 {
  unsigned char a[] = {0x9c, 0x26, 0x4b, 0x3d, 0x49, 0x4, 0xa1, 0x1,
                       0xe0, 0xd8, 0x7c,  0x20, 0xb7, 0xef, 0x53, 0x29, 0xfa,
                       0x1d, 0x57, 0xe1};
  CURL* easy  = curl_easy_init();
  char* s = curl_easy_escape(easy, (char*)a, sizeof(a));
  (void)URL;
  printf("%s\n", s);
  curl_free(s);
  curl_easy_cleanup(easy);
  return 0;
 }