/src/gnupg/common/percent.c
Line | Count | Source |
1 | | /* percent.c - Percent escaping |
2 | | * Copyright (C) 2008, 2009 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of GnuPG. |
5 | | * |
6 | | * This file is free software; you can redistribute it and/or modify |
7 | | * it under the terms of either |
8 | | * |
9 | | * - the GNU Lesser General Public License as published by the Free |
10 | | * Software Foundation; either version 3 of the License, or (at |
11 | | * your option) any later version. |
12 | | * |
13 | | * or |
14 | | * |
15 | | * - the GNU General Public License as published by the Free |
16 | | * Software Foundation; either version 2 of the License, or (at |
17 | | * your option) any later version. |
18 | | * |
19 | | * or both in parallel, as here. |
20 | | * |
21 | | * This file is distributed in the hope that it will be useful, |
22 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
23 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
24 | | * GNU General Public License for more details. |
25 | | * |
26 | | * You should have received a copy of the GNU General Public License |
27 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
28 | | * SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later) |
29 | | */ |
30 | | |
31 | | #include <config.h> |
32 | | #include <stdlib.h> |
33 | | #include <errno.h> |
34 | | #include <ctype.h> |
35 | | #include <assert.h> |
36 | | |
37 | | #include "util.h" |
38 | | |
39 | | |
40 | | /* Create a newly alloced string from STRING with all spaces and |
41 | | * control characters converted to plus signs or %xx sequences. The |
42 | | * function returns the new string or NULL in case of a malloc |
43 | | * failure. |
44 | | * |
45 | | * Note that this function also escapes the quote character to work |
46 | | * around a bug in the mingw32 runtime which does not correctly handle |
47 | | * command line quoting. We correctly double the quote mark when |
48 | | * calling a program (i.e. gpg-protect-tool), but the pre-main code |
49 | | * does not notice the double quote as an escaped quote. We do this |
50 | | * also on POSIX systems for consistency. */ |
51 | | char * |
52 | | percent_plus_escape (const char *string) |
53 | 0 | { |
54 | 0 | char *buffer, *p; |
55 | 0 | const char *s; |
56 | 0 | size_t length; |
57 | |
|
58 | 0 | for (length=1, s=string; *s; s++) |
59 | 0 | { |
60 | 0 | if (*s == '+' || *s == '\"' || *s == '%' |
61 | 0 | || *(const unsigned char *)s < 0x20) |
62 | 0 | length += 3; |
63 | 0 | else |
64 | 0 | length++; |
65 | 0 | } |
66 | |
|
67 | 0 | buffer = p = xtrymalloc (length); |
68 | 0 | if (!buffer) |
69 | 0 | return NULL; |
70 | | |
71 | 0 | for (s=string; *s; s++) |
72 | 0 | { |
73 | 0 | if (*s == '+' || *s == '\"' || *s == '%' |
74 | 0 | || *(const unsigned char *)s < 0x20) |
75 | 0 | { |
76 | 0 | snprintf (p, 4, "%%%02X", *(unsigned char *)s); |
77 | 0 | p += 3; |
78 | 0 | } |
79 | 0 | else if (*s == ' ') |
80 | 0 | *p++ = '+'; |
81 | 0 | else |
82 | 0 | *p++ = *s; |
83 | 0 | } |
84 | 0 | *p = 0; |
85 | |
|
86 | 0 | return buffer; |
87 | |
|
88 | 0 | } |
89 | | |
90 | | |
91 | | /* Create a newly malloced string from (DATA,DATALEN) with embedded |
92 | | * nuls quoted as %00. The standard percent unescaping can be used to |
93 | | * reverse this encoding. With PLUS_ESCAPE set plus-escaping (spaces |
94 | | * are replaced by a '+') and escaping of characters with values less |
95 | | * than 0x20 is used. If PREFIX is not NULL it will be prepended to |
96 | | * the output in standard escape format; that is PLUS_ESCAPING is |
97 | | * ignored for PREFIX. */ |
98 | | char * |
99 | | percent_data_escape (int plus_escape, const char *prefix, |
100 | | const void *data, size_t datalen) |
101 | 0 | { |
102 | 0 | char *buffer, *p; |
103 | 0 | const unsigned char *s; |
104 | 0 | size_t n; |
105 | 0 | size_t length = 1; |
106 | |
|
107 | 0 | if (prefix) |
108 | 0 | { |
109 | 0 | for (s = prefix; *s; s++) |
110 | 0 | { |
111 | 0 | if (*s == '%' || *s < 0x20) |
112 | 0 | length += 3; |
113 | 0 | else |
114 | 0 | length++; |
115 | 0 | } |
116 | 0 | } |
117 | |
|
118 | 0 | for (s=data, n=datalen; n; s++, n--) |
119 | 0 | { |
120 | 0 | if (!*s || *s == '%' || (plus_escape && (*s < ' ' || *s == '+'))) |
121 | 0 | length += 3; |
122 | 0 | else |
123 | 0 | length++; |
124 | 0 | } |
125 | |
|
126 | 0 | buffer = p = xtrymalloc (length); |
127 | 0 | if (!buffer) |
128 | 0 | return NULL; |
129 | | |
130 | 0 | if (prefix) |
131 | 0 | { |
132 | 0 | for (s = prefix; *s; s++) |
133 | 0 | { |
134 | 0 | if (*s == '%' || *s < 0x20) |
135 | 0 | { |
136 | 0 | snprintf (p, 4, "%%%02X", *s); |
137 | 0 | p += 3; |
138 | 0 | } |
139 | 0 | else |
140 | 0 | *p++ = *s; |
141 | 0 | } |
142 | 0 | } |
143 | |
|
144 | 0 | for (s=data, n=datalen; n; s++, n--) |
145 | 0 | { |
146 | 0 | if (!*s) |
147 | 0 | { |
148 | 0 | memcpy (p, "%00", 3); |
149 | 0 | p += 3; |
150 | 0 | } |
151 | 0 | else if (*s == '%') |
152 | 0 | { |
153 | 0 | memcpy (p, "%25", 3); |
154 | 0 | p += 3; |
155 | 0 | } |
156 | 0 | else if (plus_escape && *s == ' ') |
157 | 0 | { |
158 | 0 | *p++ = '+'; |
159 | 0 | } |
160 | 0 | else if (plus_escape && (*s < ' ' || *s == '+')) |
161 | 0 | { |
162 | 0 | snprintf (p, 4, "%%%02X", *s); |
163 | 0 | p += 3; |
164 | 0 | } |
165 | 0 | else |
166 | 0 | *p++ = *s; |
167 | 0 | } |
168 | 0 | *p = 0; |
169 | |
|
170 | 0 | return buffer; |
171 | 0 | } |
172 | | |
173 | | |
174 | | /* Do the percent and plus/space unescaping from STRING to BUFFER and |
175 | | return the length of the valid buffer. Plus unescaping is only |
176 | | done if WITHPLUS is true. An escaped Nul character will be |
177 | | replaced by NULREPL. */ |
178 | | static size_t |
179 | | do_unescape (unsigned char *buffer, const unsigned char *string, |
180 | | int withplus, int nulrepl) |
181 | 0 | { |
182 | 0 | unsigned char *p = buffer; |
183 | |
|
184 | 0 | while (*string) |
185 | 0 | { |
186 | 0 | if (*string == '%' && string[1] && string[2]) |
187 | 0 | { |
188 | 0 | string++; |
189 | 0 | *p = xtoi_2 (string); |
190 | 0 | if (!*p) |
191 | 0 | *p = nulrepl; |
192 | 0 | string++; |
193 | 0 | } |
194 | 0 | else if (*string == '+' && withplus) |
195 | 0 | *p = ' '; |
196 | 0 | else |
197 | 0 | *p = *string; |
198 | 0 | p++; |
199 | 0 | string++; |
200 | 0 | } |
201 | |
|
202 | 0 | return (p - buffer); |
203 | 0 | } |
204 | | |
205 | | |
206 | | /* Count space required after unescaping STRING. Note that this will |
207 | | never be larger than strlen (STRING). */ |
208 | | static size_t |
209 | | count_unescape (const unsigned char *string) |
210 | 0 | { |
211 | 0 | size_t n = 0; |
212 | |
|
213 | 0 | while (*string) |
214 | 0 | { |
215 | 0 | if (*string == '%' && string[1] && string[2]) |
216 | 0 | { |
217 | 0 | string++; |
218 | 0 | string++; |
219 | 0 | } |
220 | 0 | string++; |
221 | 0 | n++; |
222 | 0 | } |
223 | |
|
224 | 0 | return n; |
225 | 0 | } |
226 | | |
227 | | |
228 | | /* Helper. */ |
229 | | static char * |
230 | | do_plus_or_plain_unescape (const char *string, int withplus, int nulrepl) |
231 | 0 | { |
232 | 0 | size_t nbytes, n; |
233 | 0 | char *newstring; |
234 | |
|
235 | 0 | nbytes = count_unescape (string); |
236 | 0 | newstring = xtrymalloc (nbytes+1); |
237 | 0 | if (newstring) |
238 | 0 | { |
239 | 0 | n = do_unescape (newstring, string, withplus, nulrepl); |
240 | 0 | assert (n == nbytes); |
241 | 0 | newstring[n] = 0; |
242 | 0 | } |
243 | 0 | return newstring; |
244 | 0 | } |
245 | | |
246 | | |
247 | | /* Create a new allocated string from STRING with all "%xx" sequences |
248 | | decoded and all plus signs replaced by a space. Embedded Nul |
249 | | characters are replaced by the value of NULREPL. The function |
250 | | returns the new string or NULL in case of a malloc failure. */ |
251 | | char * |
252 | | percent_plus_unescape (const char *string, int nulrepl) |
253 | 0 | { |
254 | 0 | return do_plus_or_plain_unescape (string, 1, nulrepl); |
255 | 0 | } |
256 | | |
257 | | |
258 | | /* Create a new allocated string from STRING with all "%xx" sequences |
259 | | decoded. Embedded Nul characters are replaced by the value of |
260 | | NULREPL. The function returns the new string or NULL in case of a |
261 | | malloc failure. */ |
262 | | char * |
263 | | percent_unescape (const char *string, int nulrepl) |
264 | 0 | { |
265 | 0 | return do_plus_or_plain_unescape (string, 0, nulrepl); |
266 | 0 | } |
267 | | |
268 | | |
269 | | static size_t |
270 | | do_unescape_inplace (char *string, int withplus, int nulrepl) |
271 | 0 | { |
272 | 0 | unsigned char *p, *p0; |
273 | |
|
274 | 0 | p = p0 = string; |
275 | 0 | while (*string) |
276 | 0 | { |
277 | 0 | if (*string == '%' && string[1] && string[2]) |
278 | 0 | { |
279 | 0 | string++; |
280 | 0 | *p = xtoi_2 (string); |
281 | 0 | if (!*p) |
282 | 0 | *p = nulrepl; |
283 | 0 | string++; |
284 | 0 | } |
285 | 0 | else if (*string == '+' && withplus) |
286 | 0 | *p = ' '; |
287 | 0 | else |
288 | 0 | *p = *string; |
289 | 0 | p++; |
290 | 0 | string++; |
291 | 0 | } |
292 | |
|
293 | 0 | return (p - p0); |
294 | 0 | } |
295 | | |
296 | | |
297 | | /* Perform percent and plus unescaping in STRING and return the new |
298 | | valid length of the string. Embedded Nul characters are replaced |
299 | | by the value of NULREPL. A terminating Nul character is not |
300 | | inserted; the caller might want to call this function this way: |
301 | | |
302 | | foo[percent_plus_unescape_inplace (foo, 0)] = 0; |
303 | | */ |
304 | | size_t |
305 | | percent_plus_unescape_inplace (char *string, int nulrepl) |
306 | 0 | { |
307 | 0 | return do_unescape_inplace (string, 1, nulrepl); |
308 | 0 | } |
309 | | |
310 | | |
311 | | /* Perform percent unescaping in STRING and return the new valid |
312 | | length of the string. Embedded Nul characters are replaced by the |
313 | | value of NULREPL. A terminating Nul character is not inserted; the |
314 | | caller might want to call this function this way: |
315 | | |
316 | | foo[percent_unescape_inplace (foo, 0)] = 0; |
317 | | */ |
318 | | size_t |
319 | | percent_unescape_inplace (char *string, int nulrepl) |
320 | 0 | { |
321 | 0 | return do_unescape_inplace (string, 0, nulrepl); |
322 | 0 | } |