| 1 | /*************************************************************************** |
|---|---|
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
| 8 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al. |
| 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
| 12 | * are also available at https://curl.se/docs/copyright.html. |
| 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | * SPDX-License-Identifier: curl |
| 22 | * |
| 23 | ***************************************************************************/ |
| 24 | |
| 25 | /* Escape and unescape URL encoding in strings. The functions return a new |
| 26 | * allocated string or NULL if an error occurred. */ |
| 27 | |
| 28 | #include "curl_setup.h" |
| 29 | |
| 30 | #include <curl/curl.h> |
| 31 | |
| 32 | #include "urldata.h" |
| 33 | #include "warnless.h" |
| 34 | #include "escape.h" |
| 35 | #include "strdup.h" |
| 36 | /* The last 3 #include files should be in this order */ |
| 37 | #include "curl_printf.h" |
| 38 | #include "curl_memory.h" |
| 39 | #include "memdebug.h" |
| 40 | |
| 41 | /* Portable character check (remember EBCDIC). Do not use isalnum() because |
| 42 | its behavior is altered by the current locale. |
| 43 | See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3 |
| 44 | */ |
| 45 | bool Curl_isunreserved(unsigned char in) |
| 46 | { |
| 47 | switch(in) { |
| 48 | case '0': case '1': case '2': case '3': case '4': |
| 49 | case '5': case '6': case '7': case '8': case '9': |
| 50 | case 'a': case 'b': case 'c': case 'd': case 'e': |
| 51 | case 'f': case 'g': case 'h': case 'i': case 'j': |
| 52 | case 'k': case 'l': case 'm': case 'n': case 'o': |
| 53 | case 'p': case 'q': case 'r': case 's': case 't': |
| 54 | case 'u': case 'v': case 'w': case 'x': case 'y': case 'z': |
| 55 | case 'A': case 'B': case 'C': case 'D': case 'E': |
| 56 | case 'F': case 'G': case 'H': case 'I': case 'J': |
| 57 | case 'K': case 'L': case 'M': case 'N': case 'O': |
| 58 | case 'P': case 'Q': case 'R': case 'S': case 'T': |
| 59 | case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z': |
| 60 | case '-': case '.': case '_': case '~': |
| 61 | return TRUE; |
| 62 | default: |
| 63 | break; |
| 64 | } |
| 65 | return FALSE; |
| 66 | } |
| 67 | |
| 68 | /* for ABI-compatibility with previous versions */ |
| 69 | char *curl_escape(const char *string, int inlength) |
| 70 | { |
| 71 | return curl_easy_escape(NULL, string, inlength); |
| 72 | } |
| 73 | |
| 74 | /* for ABI-compatibility with previous versions */ |
| 75 | char *curl_unescape(const char *string, int length) |
| 76 | { |
| 77 | return curl_easy_unescape(NULL, string, length, NULL); |
| 78 | } |
| 79 | |
| 80 | /* Escapes for URL the given unescaped string of given length. |
| 81 | * 'data' is ignored since 7.82.0. |
| 82 | */ |
| 83 | char *curl_easy_escape(struct Curl_easy *data, const char *string, |
| 84 | int inlength) |
| 85 | { |
| 86 | size_t length; |
| 87 | struct dynbuf d; |
| 88 | (void)data; |
| 89 | |
| 90 | if(inlength < 0) |
| 91 | return NULL; |
| 92 | |
| 93 | Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3); |
| 94 | |
| 95 | length = (inlength?(size_t)inlength:strlen(string)); |
| 96 | if(!length) |
| 97 | return strdup(""); |
| 98 | |
| 99 | while(length--) { |
| 100 | unsigned char in = *string; /* we need to treat the characters unsigned */ |
| 101 | |
| 102 | if(Curl_isunreserved(in)) { |
| 103 | /* append this */ |
| 104 | if(Curl_dyn_addn(&d, &in, 1)) |
| 105 | return NULL; |
| 106 | } |
| 107 | else { |
| 108 | /* encode it */ |
| 109 | if(Curl_dyn_addf(&d, "%%%02X", in)) |
| 110 | return NULL; |
| 111 | } |
| 112 | string++; |
| 113 | } |
| 114 | |
| 115 | return Curl_dyn_ptr(&d); |
| 116 | } |
| 117 | |
| 118 | /* |
| 119 | * Curl_urldecode() URL decodes the given string. |
| 120 | * |
| 121 | * Returns a pointer to a malloced string in *ostring with length given in |
| 122 | * *olen. If length == 0, the length is assumed to be strlen(string). |
| 123 | * |
| 124 | * ctrl options: |
| 125 | * - REJECT_NADA: accept everything |
| 126 | * - REJECT_CTRL: rejects control characters (byte codes lower than 32) in |
| 127 | * the data |
| 128 | * - REJECT_ZERO: rejects decoded zero bytes |
| 129 | * |
| 130 | * The values for the enum starts at 2, to make the assert detect legacy |
| 131 | * invokes that used TRUE/FALSE (0 and 1). |
| 132 | */ |
| 133 | |
| 134 | CURLcode Curl_urldecode(const char *string, size_t length, |
| 135 | char **ostring, size_t *olen, |
| 136 | enum urlreject ctrl) |
| 137 | { |
| 138 | size_t alloc; |
| 139 | char *ns; |
| 140 | size_t strindex = 0; |
| 141 | unsigned long hex; |
| 142 | |
| 143 | DEBUGASSERT(string); |
| 144 | DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */ |
| 145 | |
| 146 | alloc = (length?length:strlen(string)) + 1; |
| 147 | ns = malloc(alloc); |
| 148 | |
| 149 | if(!ns) |
| 150 | return CURLE_OUT_OF_MEMORY; |
| 151 | |
| 152 | while(--alloc > 0) { |
| 153 | unsigned char in = *string; |
| 154 | if(('%' == in) && (alloc > 2) && |
| 155 | ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { |
| 156 | /* this is two hexadecimal digits following a '%' */ |
| 157 | char hexstr[3]; |
| 158 | char *ptr; |
| 159 | hexstr[0] = string[1]; |
| 160 | hexstr[1] = string[2]; |
| 161 | hexstr[2] = 0; |
| 162 | |
| 163 | hex = strtoul(hexstr, &ptr, 16); |
| 164 | |
| 165 | in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */ |
| 166 | |
| 167 | string += 2; |
| 168 | alloc -= 2; |
| 169 | } |
| 170 | |
| 171 | if(((ctrl == REJECT_CTRL) && (in < 0x20)) || |
| 172 | ((ctrl == REJECT_ZERO) && (in == 0))) { |
| 173 | free(ns); |
| 174 | return CURLE_URL_MALFORMAT; |
| 175 | } |
| 176 | |
| 177 | ns[strindex++] = in; |
| 178 | string++; |
| 179 | } |
| 180 | ns[strindex] = 0; /* terminate it */ |
| 181 | |
| 182 | if(olen) |
| 183 | /* store output size */ |
| 184 | *olen = strindex; |
| 185 | |
| 186 | /* store output string */ |
| 187 | *ostring = ns; |
| 188 | |
| 189 | return CURLE_OK; |
| 190 | } |
| 191 | |
| 192 | /* |
| 193 | * Unescapes the given URL escaped string of given length. Returns a |
| 194 | * pointer to a malloced string with length given in *olen. |
| 195 | * If length == 0, the length is assumed to be strlen(string). |
| 196 | * If olen == NULL, no output length is stored. |
| 197 | * 'data' is ignored since 7.82.0. |
| 198 | */ |
| 199 | char *curl_easy_unescape(struct Curl_easy *data, const char *string, |
| 200 | int length, int *olen) |
| 201 | { |
| 202 | char *str = NULL; |
| 203 | (void)data; |
| 204 | if(length >= 0) { |
| 205 | size_t inputlen = length; |
| 206 | size_t outputlen; |
| 207 | CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen, |
| 208 | REJECT_NADA); |
| 209 | if(res) |
| 210 | return NULL; |
| 211 | |
| 212 | if(olen) { |
| 213 | if(outputlen <= (size_t) INT_MAX) |
| 214 | *olen = curlx_uztosi(outputlen); |
| 215 | else |
| 216 | /* too large to return in an int, fail! */ |
| 217 | Curl_safefree(str); |
| 218 | } |
| 219 | } |
| 220 | return str; |
| 221 | } |
| 222 | |
| 223 | /* For operating systems/environments that use different malloc/free |
| 224 | systems for the app and for this library, we provide a free that uses |
| 225 | the library's memory system */ |
| 226 | void curl_free(void *p) |
| 227 | { |
| 228 | free(p); |
| 229 | } |
| 230 |
Generated on 2022-Sep-26 from project tensorflow revision f2e850b6cce
Powered by 
Code Browser 2.1
Generator usage only permitted with license.