1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | * SPDX-License-Identifier: curl |
22 | * |
23 | ***************************************************************************/ |
24 | |
25 | #include "curl_setup.h" |
26 | |
27 | #include <curl/curl.h> |
28 | |
29 | #include "dotdot.h" |
30 | #include "curl_memory.h" |
31 | |
32 | /* The last #include file should be: */ |
33 | #include "memdebug.h" |
34 | |
35 | /* |
36 | * "Remove Dot Segments" |
37 | * https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4 |
38 | */ |
39 | |
40 | /* |
41 | * Curl_dedotdotify() |
42 | * @unittest: 1395 |
43 | * |
44 | * This function gets a null-terminated path with dot and dotdot sequences |
45 | * passed in and strips them off according to the rules in RFC 3986 section |
46 | * 5.2.4. |
47 | * |
48 | * The function handles a query part ('?' + stuff) appended but it expects |
49 | * that fragments ('#' + stuff) have already been cut off. |
50 | * |
51 | * RETURNS |
52 | * |
53 | * an allocated dedotdotified output string |
54 | */ |
55 | char *Curl_dedotdotify(const char *input) |
56 | { |
57 | size_t inlen = strlen(input); |
58 | char *clone; |
59 | size_t clen = inlen; /* the length of the cloned input */ |
60 | char *out = malloc(inlen + 1); |
61 | char *outptr; |
62 | char *orgclone; |
63 | char *queryp; |
64 | if(!out) |
65 | return NULL; /* out of memory */ |
66 | |
67 | *out = 0; /* null-terminates, for inputs like "./" */ |
68 | |
69 | /* get a cloned copy of the input */ |
70 | clone = strdup(input); |
71 | if(!clone) { |
72 | free(out); |
73 | return NULL; |
74 | } |
75 | orgclone = clone; |
76 | outptr = out; |
77 | |
78 | if(!*clone) { |
79 | /* zero length string, return that */ |
80 | free(out); |
81 | return clone; |
82 | } |
83 | |
84 | /* |
85 | * To handle query-parts properly, we must find it and remove it during the |
86 | * dotdot-operation and then append it again at the end to the output |
87 | * string. |
88 | */ |
89 | queryp = strchr(clone, '?'); |
90 | if(queryp) |
91 | *queryp = 0; |
92 | |
93 | do { |
94 | |
95 | /* A. If the input buffer begins with a prefix of "../" or "./", then |
96 | remove that prefix from the input buffer; otherwise, */ |
97 | |
98 | if(!strncmp("./" , clone, 2)) { |
99 | clone += 2; |
100 | clen -= 2; |
101 | } |
102 | else if(!strncmp("../" , clone, 3)) { |
103 | clone += 3; |
104 | clen -= 3; |
105 | } |
106 | |
107 | /* B. if the input buffer begins with a prefix of "/./" or "/.", where |
108 | "." is a complete path segment, then replace that prefix with "/" in |
109 | the input buffer; otherwise, */ |
110 | else if(!strncmp("/./" , clone, 3)) { |
111 | clone += 2; |
112 | clen -= 2; |
113 | } |
114 | else if(!strcmp("/." , clone)) { |
115 | clone[1]='/'; |
116 | clone++; |
117 | clen -= 1; |
118 | } |
119 | |
120 | /* C. if the input buffer begins with a prefix of "/../" or "/..", where |
121 | ".." is a complete path segment, then replace that prefix with "/" in |
122 | the input buffer and remove the last segment and its preceding "/" (if |
123 | any) from the output buffer; otherwise, */ |
124 | |
125 | else if(!strncmp("/../" , clone, 4)) { |
126 | clone += 3; |
127 | clen -= 3; |
128 | /* remove the last segment from the output buffer */ |
129 | while(outptr > out) { |
130 | outptr--; |
131 | if(*outptr == '/') |
132 | break; |
133 | } |
134 | *outptr = 0; /* null-terminate where it stops */ |
135 | } |
136 | else if(!strcmp("/.." , clone)) { |
137 | clone[2]='/'; |
138 | clone += 2; |
139 | clen -= 2; |
140 | /* remove the last segment from the output buffer */ |
141 | while(outptr > out) { |
142 | outptr--; |
143 | if(*outptr == '/') |
144 | break; |
145 | } |
146 | *outptr = 0; /* null-terminate where it stops */ |
147 | } |
148 | |
149 | /* D. if the input buffer consists only of "." or "..", then remove |
150 | that from the input buffer; otherwise, */ |
151 | |
152 | else if(!strcmp("." , clone) || !strcmp(".." , clone)) { |
153 | *clone = 0; |
154 | *out = 0; |
155 | } |
156 | |
157 | else { |
158 | /* E. move the first path segment in the input buffer to the end of |
159 | the output buffer, including the initial "/" character (if any) and |
160 | any subsequent characters up to, but not including, the next "/" |
161 | character or the end of the input buffer. */ |
162 | |
163 | do { |
164 | *outptr++ = *clone++; |
165 | clen--; |
166 | } while(*clone && (*clone != '/')); |
167 | *outptr = 0; |
168 | } |
169 | |
170 | } while(*clone); |
171 | |
172 | if(queryp) { |
173 | size_t qlen; |
174 | /* There was a query part, append that to the output. The 'clone' string |
175 | may now have been altered so we copy from the original input string |
176 | from the correct index. */ |
177 | size_t oindex = queryp - orgclone; |
178 | qlen = strlen(&input[oindex]); |
179 | memcpy(outptr, &input[oindex], qlen + 1); /* include the end zero byte */ |
180 | } |
181 | |
182 | free(orgclone); |
183 | return out; |
184 | } |
185 | |