Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | /* Escape and unescape URL encoding in strings. The functions return a new |
26 | | * allocated string or NULL if an error occurred. */ |
27 | | |
28 | | #include "curl_setup.h" |
29 | | |
30 | | #include <curl/curl.h> |
31 | | |
32 | | #include "urldata.h" |
33 | | #include "warnless.h" |
34 | | #include "escape.h" |
35 | | #include "strdup.h" |
36 | | /* The last 3 #include files should be in this order */ |
37 | | #include "curl_printf.h" |
38 | | #include "curl_memory.h" |
39 | | #include "memdebug.h" |
40 | | |
41 | | /* Portable character check (remember EBCDIC). Do not use isalnum() because |
42 | | its behavior is altered by the current locale. |
43 | | See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3 |
44 | | */ |
45 | | bool Curl_isunreserved(unsigned char in) |
46 | 0 | { |
47 | 0 | switch(in) { |
48 | 0 | case '0': case '1': case '2': case '3': case '4': |
49 | 0 | case '5': case '6': case '7': case '8': case '9': |
50 | 0 | case 'a': case 'b': case 'c': case 'd': case 'e': |
51 | 0 | case 'f': case 'g': case 'h': case 'i': case 'j': |
52 | 0 | case 'k': case 'l': case 'm': case 'n': case 'o': |
53 | 0 | case 'p': case 'q': case 'r': case 's': case 't': |
54 | 0 | case 'u': case 'v': case 'w': case 'x': case 'y': case 'z': |
55 | 0 | case 'A': case 'B': case 'C': case 'D': case 'E': |
56 | 0 | case 'F': case 'G': case 'H': case 'I': case 'J': |
57 | 0 | case 'K': case 'L': case 'M': case 'N': case 'O': |
58 | 0 | case 'P': case 'Q': case 'R': case 'S': case 'T': |
59 | 0 | case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z': |
60 | 0 | case '-': case '.': case '_': case '~': |
61 | 0 | return TRUE; |
62 | 0 | default: |
63 | 0 | break; |
64 | 0 | } |
65 | 0 | return FALSE; |
66 | 0 | } |
67 | | |
68 | | /* for ABI-compatibility with previous versions */ |
69 | | char *curl_escape(const char *string, int inlength) |
70 | 0 | { |
71 | 0 | return curl_easy_escape(NULL, string, inlength); |
72 | 0 | } |
73 | | |
74 | | /* for ABI-compatibility with previous versions */ |
75 | | char *curl_unescape(const char *string, int length) |
76 | 0 | { |
77 | 0 | return curl_easy_unescape(NULL, string, length, NULL); |
78 | 0 | } |
79 | | |
80 | | /* Escapes for URL the given unescaped string of given length. |
81 | | * 'data' is ignored since 7.82.0. |
82 | | */ |
83 | | char *curl_easy_escape(struct Curl_easy *data, const char *string, |
84 | | int inlength) |
85 | 0 | { |
86 | 0 | size_t length; |
87 | 0 | struct dynbuf d; |
88 | 0 | (void)data; |
89 | |
|
90 | 0 | if(inlength < 0) |
91 | 0 | return NULL; |
92 | | |
93 | 0 | Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3); |
94 | |
|
95 | 0 | length = (inlength?(size_t)inlength:strlen(string)); |
96 | 0 | if(!length) |
97 | 0 | return strdup(""); |
98 | | |
99 | 0 | while(length--) { |
100 | 0 | unsigned char in = *string++; /* treat the characters unsigned */ |
101 | |
|
102 | 0 | if(Curl_isunreserved(in)) { |
103 | | /* append this */ |
104 | 0 | if(Curl_dyn_addn(&d, &in, 1)) |
105 | 0 | return NULL; |
106 | 0 | } |
107 | 0 | else { |
108 | | /* encode it */ |
109 | 0 | const char hex[] = "0123456789ABCDEF"; |
110 | 0 | char out[3]={'%'}; |
111 | 0 | out[1] = hex[in>>4]; |
112 | 0 | out[2] = hex[in & 0xf]; |
113 | 0 | if(Curl_dyn_addn(&d, out, 3)) |
114 | 0 | return NULL; |
115 | 0 | } |
116 | 0 | } |
117 | | |
118 | 0 | return Curl_dyn_ptr(&d); |
119 | 0 | } |
120 | | |
121 | | static const unsigned char hextable[] = { |
122 | | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, /* 0x30 - 0x3f */ |
123 | | 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x40 - 0x4f */ |
124 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x50 - 0x5f */ |
125 | | 0, 10, 11, 12, 13, 14, 15 /* 0x60 - 0x66 */ |
126 | | }; |
127 | | |
128 | | /* the input is a single hex digit */ |
129 | 0 | #define onehex2dec(x) hextable[x - '0'] |
130 | | |
131 | | /* |
132 | | * Curl_urldecode() URL decodes the given string. |
133 | | * |
134 | | * Returns a pointer to a malloced string in *ostring with length given in |
135 | | * *olen. If length == 0, the length is assumed to be strlen(string). |
136 | | * |
137 | | * ctrl options: |
138 | | * - REJECT_NADA: accept everything |
139 | | * - REJECT_CTRL: rejects control characters (byte codes lower than 32) in |
140 | | * the data |
141 | | * - REJECT_ZERO: rejects decoded zero bytes |
142 | | * |
143 | | * The values for the enum starts at 2, to make the assert detect legacy |
144 | | * invokes that used TRUE/FALSE (0 and 1). |
145 | | */ |
146 | | |
147 | | CURLcode Curl_urldecode(const char *string, size_t length, |
148 | | char **ostring, size_t *olen, |
149 | | enum urlreject ctrl) |
150 | 0 | { |
151 | 0 | size_t alloc; |
152 | 0 | char *ns; |
153 | |
|
154 | 0 | DEBUGASSERT(string); |
155 | 0 | DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */ |
156 | | |
157 | 0 | alloc = (length?length:strlen(string)); |
158 | 0 | ns = malloc(alloc + 1); |
159 | |
|
160 | 0 | if(!ns) |
161 | 0 | return CURLE_OUT_OF_MEMORY; |
162 | | |
163 | | /* store output string */ |
164 | 0 | *ostring = ns; |
165 | |
|
166 | 0 | while(alloc) { |
167 | 0 | unsigned char in = *string; |
168 | 0 | if(('%' == in) && (alloc > 2) && |
169 | 0 | ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { |
170 | | /* this is two hexadecimal digits following a '%' */ |
171 | 0 | in = (unsigned char)(onehex2dec(string[1]) << 4) | onehex2dec(string[2]); |
172 | |
|
173 | 0 | string += 3; |
174 | 0 | alloc -= 3; |
175 | 0 | } |
176 | 0 | else { |
177 | 0 | string++; |
178 | 0 | alloc--; |
179 | 0 | } |
180 | |
|
181 | 0 | if(((ctrl == REJECT_CTRL) && (in < 0x20)) || |
182 | 0 | ((ctrl == REJECT_ZERO) && (in == 0))) { |
183 | 0 | Curl_safefree(*ostring); |
184 | 0 | return CURLE_URL_MALFORMAT; |
185 | 0 | } |
186 | | |
187 | 0 | *ns++ = in; |
188 | 0 | } |
189 | 0 | *ns = 0; /* terminate it */ |
190 | |
|
191 | 0 | if(olen) |
192 | | /* store output size */ |
193 | 0 | *olen = ns - *ostring; |
194 | |
|
195 | 0 | return CURLE_OK; |
196 | 0 | } |
197 | | |
198 | | /* |
199 | | * Unescapes the given URL escaped string of given length. Returns a |
200 | | * pointer to a malloced string with length given in *olen. |
201 | | * If length == 0, the length is assumed to be strlen(string). |
202 | | * If olen == NULL, no output length is stored. |
203 | | * 'data' is ignored since 7.82.0. |
204 | | */ |
205 | | char *curl_easy_unescape(struct Curl_easy *data, const char *string, |
206 | | int length, int *olen) |
207 | 0 | { |
208 | 0 | char *str = NULL; |
209 | 0 | (void)data; |
210 | 0 | if(length >= 0) { |
211 | 0 | size_t inputlen = (size_t)length; |
212 | 0 | size_t outputlen; |
213 | 0 | CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen, |
214 | 0 | REJECT_NADA); |
215 | 0 | if(res) |
216 | 0 | return NULL; |
217 | | |
218 | 0 | if(olen) { |
219 | 0 | if(outputlen <= (size_t) INT_MAX) |
220 | 0 | *olen = curlx_uztosi(outputlen); |
221 | 0 | else |
222 | | /* too large to return in an int, fail! */ |
223 | 0 | Curl_safefree(str); |
224 | 0 | } |
225 | 0 | } |
226 | 0 | return str; |
227 | 0 | } |
228 | | |
229 | | /* For operating systems/environments that use different malloc/free |
230 | | systems for the app and for this library, we provide a free that uses |
231 | | the library's memory system */ |
232 | | void curl_free(void *p) |
233 | 0 | { |
234 | 0 | free(p); |
235 | 0 | } |