1 --- lib/escape.c 2010-10-01 13:48:39.000000000 -0700 |
|
2 +++ lib/escape.c 2012-01-26 10:54:22.962290288 -0800 |
|
3 @@ -88,7 +88,7 @@ |
|
4 char *testing_ptr = NULL; |
|
5 unsigned char in; /* we need to treat the characters unsigned */ |
|
6 size_t newlen = alloc; |
|
7 - int strindex=0; |
|
8 + size_t strindex=0; |
|
9 size_t length; |
|
10 |
|
11 #ifndef CURL_DOES_CONVERSIONS |
|
12 @@ -143,26 +143,25 @@ |
|
13 } |
|
14 |
|
15 /* |
|
16 - * Unescapes the given URL escaped string of given length. Returns a |
|
17 - * pointer to a malloced string with length given in *olen. |
|
18 - * If length == 0, the length is assumed to be strlen(string). |
|
19 - * If olen == NULL, no output length is stored. |
|
20 + * Curl_urldecode() URL decodes the given string. |
|
21 + * |
|
22 + * Optionally detects control characters (byte codes lower than 32) in the |
|
23 + * *olen. If length == 0, the length is assumed to be strlen(string). |
|
24 */ |
|
25 -char *curl_easy_unescape(CURL *handle, const char *string, int length, |
|
26 - int *olen) |
|
27 +CURLcode Curl_urldecode(struct SessionHandle *data, |
|
28 + const char *string, size_t length, |
|
29 + char **ostring, size_t *olen, |
|
30 + bool reject_ctrl) |
|
31 { |
|
32 - int alloc = (length?length:(int)strlen(string))+1; |
|
33 + size_t alloc = (length?length:strlen(string))+1; |
|
34 char *ns = malloc(alloc); |
|
35 unsigned char in; |
|
36 - int strindex=0; |
|
37 + size_t strindex=0; |
|
38 unsigned long hex; |
|
39 + CURLcode res; |
|
40 |
|
41 -#ifndef CURL_DOES_CONVERSIONS |
|
42 - /* avoid compiler warnings */ |
|
43 - (void)handle; |
|
44 -#endif |
|
45 if( !ns ) |
|
46 - return NULL; |
|
47 + return CURLE_OUT_OF_MEMORY; |
|
48 |
|
49 while(--alloc > 0) { |
|
50 in = *string; |
|
51 @@ -180,17 +179,21 @@ |
|
52 |
|
53 #ifdef CURL_DOES_CONVERSIONS |
|
54 /* escape sequences are always in ASCII so convert them on non-ASCII hosts */ |
|
55 - if(!handle || |
|
56 - (Curl_convert_from_network(handle, &in, 1) != CURLE_OK)) { |
|
57 + res = Curl_convert_from_network(data, &in, 1); |
|
58 + if(res) { |
|
59 /* Curl_convert_from_network calls failf if unsuccessful */ |
|
60 free(ns); |
|
61 - return NULL; |
|
62 + return res; |
|
63 } |
|
64 #endif /* CURL_DOES_CONVERSIONS */ |
|
65 |
|
66 string+=2; |
|
67 alloc-=2; |
|
68 } |
|
69 + if(reject_ctrl && (in < 0x20)) { |
|
70 + free(ns); |
|
71 + return CURLE_URL_MALFORMAT; |
|
72 + } |
|
73 |
|
74 ns[strindex++] = in; |
|
75 string++; |
|
76 @@ -200,7 +203,34 @@ |
|
77 if(olen) |
|
78 /* store output size */ |
|
79 *olen = strindex; |
|
80 - return ns; |
|
81 + |
|
82 + if(ostring) |
|
83 + /* store output string */ |
|
84 + *ostring = ns; |
|
85 + |
|
86 + return CURLE_OK; |
|
87 +} |
|
88 + |
|
89 + |
|
90 +/* |
|
91 + * Unescapes the given URL escaped string of given length. Returns a |
|
92 + * pointer to a malloced string with length given in *olen. |
|
93 + * If length == 0, the length is assumed to be strlen(string). |
|
94 + * If olen == NULL, no output length is stored. |
|
95 + */ |
|
96 +char *curl_easy_unescape(CURL *handle, const char *string, int length, |
|
97 + int *olen) |
|
98 +{ |
|
99 + char *str = NULL; |
|
100 + size_t inputlen = length; |
|
101 + size_t outputlen; |
|
102 + CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen, |
|
103 + FALSE); |
|
104 + if(res) |
|
105 + return NULL; |
|
106 + if(olen) |
|
107 + *olen = curlx_uztosi(outputlen); |
|
108 + return str; |
|
109 } |
|
110 |
|
111 /* For operating systems/environments that use different malloc/free |
|
112 --- lib/escape.h 2010-09-18 14:00:21.000000000 -0700 |
|
113 +++ lib/escape.h 2012-01-26 09:42:20.936213952 -0800 |
|
114 @@ -1,5 +1,5 @@ |
|
115 -#ifndef __ESCAPE_H |
|
116 -#define __ESCAPE_H |
|
117 +#ifndef HEADER_CURL_ESCAPE_H |
|
118 +#define HEADER_CURL_ESCAPE_H |
|
119 |
|
120 /*************************************************************************** |
|
121 * _ _ ____ _ |
|
122 @@ -8,7 +8,7 @@ |
|
123 * | (__| |_| | _ <| |___ |
|
124 * \___|\___/|_| \_\_____| |
|
125 * |
|
126 - * Copyright (C) 1998 - 2006, Daniel Stenberg, <[email protected]>, et al. |
|
127 + * Copyright (C) 1998 - 2011, Daniel Stenberg, <[email protected]>, et al. |
|
128 * |
|
129 * This software is licensed as described in the file COPYING, which |
|
130 * you should have received as part of this distribution. The terms |
|
131 @@ -25,5 +25,9 @@ |
|
132 /* Escape and unescape URL encoding in strings. The functions return a new |
|
133 * allocated string or NULL if an error occurred. */ |
|
134 |
|
135 +CURLcode Curl_urldecode(struct SessionHandle *data, |
|
136 + const char *string, size_t length, |
|
137 + char **ostring, size_t *olen, |
|
138 + bool reject_crlf); |
|
139 |
|
140 #endif |
|
141 --- lib/imap.c 2010-09-18 14:00:21.000000000 -0700 |
|
142 +++ lib/imap.c 2012-01-26 09:35:07.180464878 -0800 |
|
143 @@ -906,17 +906,12 @@ |
|
144 struct imap_conn *imapc = &conn->proto.imapc; |
|
145 struct SessionHandle *data = conn->data; |
|
146 const char *path = data->state.path; |
|
147 - int len; |
|
148 |
|
149 if(!*path) |
|
150 path = "INBOX"; |
|
151 |
|
152 /* url decode the path and use this mailbox */ |
|
153 - imapc->mailbox = curl_easy_unescape(data, path, 0, &len); |
|
154 - if(!imapc->mailbox) |
|
155 - return CURLE_OUT_OF_MEMORY; |
|
156 - |
|
157 - return CURLE_OK; |
|
158 + return Curl_urldecode(data, path, 0, &imapc->mailbox, NULL, TRUE); |
|
159 } |
|
160 |
|
161 /* call this when the DO phase has completed */ |
|
162 --- lib/pop3.c 2010-09-18 14:00:21.000000000 -0700 |
|
163 +++ lib/pop3.c 2012-01-26 09:35:47.059691860 -0800 |
|
164 @@ -852,11 +852,7 @@ |
|
165 const char *path = data->state.path; |
|
166 |
|
167 /* url decode the path and use this mailbox */ |
|
168 - pop3c->mailbox = curl_easy_unescape(data, path, 0, NULL); |
|
169 - if (!pop3c->mailbox) |
|
170 - return CURLE_OUT_OF_MEMORY; |
|
171 - |
|
172 - return CURLE_OK; |
|
173 + return Curl_urldecode(data, path, 0, &pop3c->mailbox, NULL, TRUE); |
|
174 } |
|
175 |
|
176 /* call this when the DO phase has completed */ |
|
177 --- lib/smtp.c 2010-10-12 13:56:21.000000000 -0700 |
|
178 +++ lib/smtp.c 2012-01-26 09:38:03.856720962 -0800 |
|
179 @@ -1045,7 +1045,6 @@ |
|
180 struct SessionHandle *data=conn->data; |
|
181 struct pingpong *pp=&smtpc->pp; |
|
182 const char *path = conn->data->state.path; |
|
183 - int len; |
|
184 char localhost[1024 + 1]; |
|
185 |
|
186 *done = FALSE; /* default to not done yet */ |
|
187 @@ -1119,9 +1118,9 @@ |
|
188 } |
|
189 |
|
190 /* url decode the path and use it as domain with EHLO */ |
|
191 - smtpc->domain = curl_easy_unescape(conn->data, path, 0, &len); |
|
192 - if(!smtpc->domain) |
|
193 - return CURLE_OUT_OF_MEMORY; |
|
194 + result = Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE); |
|
195 + if(result) |
|
196 + return result; |
|
197 |
|
198 /* When we connect, we start in the state where we await the server greeting |
|
199 */ |
|