mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
escape: avoid using curl_easy_unescape() internally
Since the internal Curl_urldecode() function has a better API.
This commit is contained in:
parent
53e71e47d6
commit
46133aa536
@ -193,11 +193,12 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
|
|||||||
int i;
|
int i;
|
||||||
char *actual_path;
|
char *actual_path;
|
||||||
#endif
|
#endif
|
||||||
int real_path_len;
|
size_t real_path_len;
|
||||||
|
|
||||||
real_path = curl_easy_unescape(data, data->state.path, 0, &real_path_len);
|
CURLcode result = Curl_urldecode(data, data->state.path, 0, &real_path,
|
||||||
if(!real_path)
|
&real_path_len, FALSE);
|
||||||
return CURLE_OUT_OF_MEMORY;
|
if(result)
|
||||||
|
return result;
|
||||||
|
|
||||||
#ifdef DOS_FILESYSTEM
|
#ifdef DOS_FILESYSTEM
|
||||||
/* If the first character is a slash, and there's
|
/* If the first character is a slash, and there's
|
||||||
|
60
lib/ftp.c
60
lib/ftp.c
@ -3299,8 +3299,8 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* get the "raw" path */
|
/* get the "raw" path */
|
||||||
path = curl_easy_unescape(data, path_to_use, 0, NULL);
|
result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
|
||||||
if(!path) {
|
if(result) {
|
||||||
/* out of memory, but we can limp along anyway (and should try to
|
/* out of memory, but we can limp along anyway (and should try to
|
||||||
* since we may already be in the out of memory cleanup path) */
|
* since we may already be in the out of memory cleanup path) */
|
||||||
if(!result)
|
if(!result)
|
||||||
@ -4287,6 +4287,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
|
|||||||
slash_pos=strrchr(cur_pos, '/');
|
slash_pos=strrchr(cur_pos, '/');
|
||||||
if(slash_pos || !*cur_pos) {
|
if(slash_pos || !*cur_pos) {
|
||||||
size_t dirlen = slash_pos-cur_pos;
|
size_t dirlen = slash_pos-cur_pos;
|
||||||
|
CURLcode result;
|
||||||
|
|
||||||
ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0]));
|
ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0]));
|
||||||
if(!ftpc->dirs)
|
if(!ftpc->dirs)
|
||||||
@ -4295,12 +4296,13 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
|
|||||||
if(!dirlen)
|
if(!dirlen)
|
||||||
dirlen++;
|
dirlen++;
|
||||||
|
|
||||||
ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
|
result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
|
||||||
slash_pos ? curlx_uztosi(dirlen) : 1,
|
slash_pos ? dirlen : 1,
|
||||||
NULL);
|
&ftpc->dirs[0], NULL,
|
||||||
if(!ftpc->dirs[0]) {
|
FALSE);
|
||||||
|
if(result) {
|
||||||
freedirs(ftpc);
|
freedirs(ftpc);
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return result;
|
||||||
}
|
}
|
||||||
ftpc->dirdepth = 1; /* we consider it to be a single dir */
|
ftpc->dirdepth = 1; /* we consider it to be a single dir */
|
||||||
filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
|
filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
|
||||||
@ -4335,18 +4337,15 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
|
|||||||
/* we skip empty path components, like "x//y" since the FTP command
|
/* we skip empty path components, like "x//y" since the FTP command
|
||||||
CWD requires a parameter and a non-existent parameter a) doesn't
|
CWD requires a parameter and a non-existent parameter a) doesn't
|
||||||
work on many servers and b) has no effect on the others. */
|
work on many servers and b) has no effect on the others. */
|
||||||
int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir);
|
size_t len = slash_pos - cur_pos + absolute_dir;
|
||||||
ftpc->dirs[ftpc->dirdepth] =
|
CURLcode result =
|
||||||
curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL);
|
Curl_urldecode(conn->data, cur_pos - absolute_dir, len,
|
||||||
if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
|
&ftpc->dirs[ftpc->dirdepth], NULL,
|
||||||
failf(data, "no memory");
|
TRUE);
|
||||||
freedirs(ftpc);
|
if(result) {
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
}
|
|
||||||
if(isBadFtpString(ftpc->dirs[ftpc->dirdepth])) {
|
|
||||||
free(ftpc->dirs[ftpc->dirdepth]);
|
free(ftpc->dirs[ftpc->dirdepth]);
|
||||||
freedirs(ftpc);
|
freedirs(ftpc);
|
||||||
return CURLE_URL_MALFORMAT;
|
return result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -4382,15 +4381,12 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
|
|||||||
} /* switch */
|
} /* switch */
|
||||||
|
|
||||||
if(filename && *filename) {
|
if(filename && *filename) {
|
||||||
ftpc->file = curl_easy_unescape(conn->data, filename, 0, NULL);
|
CURLcode result =
|
||||||
if(NULL == ftpc->file) {
|
Curl_urldecode(conn->data, filename, 0, &ftpc->file, NULL, TRUE);
|
||||||
|
|
||||||
|
if(result) {
|
||||||
freedirs(ftpc);
|
freedirs(ftpc);
|
||||||
failf(data, "no memory");
|
return result;
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
}
|
|
||||||
if(isBadFtpString(ftpc->file)) {
|
|
||||||
freedirs(ftpc);
|
|
||||||
return CURLE_URL_MALFORMAT;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -4408,15 +4404,17 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
|
|||||||
if(ftpc->prevpath) {
|
if(ftpc->prevpath) {
|
||||||
/* prevpath is "raw" so we convert the input path before we compare the
|
/* prevpath is "raw" so we convert the input path before we compare the
|
||||||
strings */
|
strings */
|
||||||
int dlen;
|
size_t dlen;
|
||||||
char *path = curl_easy_unescape(conn->data, data->state.path, 0, &dlen);
|
char *path;
|
||||||
if(!path) {
|
CURLcode result =
|
||||||
|
Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
|
||||||
|
if(result) {
|
||||||
freedirs(ftpc);
|
freedirs(ftpc);
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0;
|
dlen -= ftpc->file?strlen(ftpc->file):0;
|
||||||
if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) &&
|
if((dlen == strlen(ftpc->prevpath)) &&
|
||||||
strnequal(path, ftpc->prevpath, dlen)) {
|
strnequal(path, ftpc->prevpath, dlen)) {
|
||||||
infof(data, "Request has same path as previous transfer\n");
|
infof(data, "Request has same path as previous transfer\n");
|
||||||
ftpc->cwddone = TRUE;
|
ftpc->cwddone = TRUE;
|
||||||
|
@ -35,6 +35,7 @@
|
|||||||
#include "rawstr.h"
|
#include "rawstr.h"
|
||||||
#include "select.h"
|
#include "select.h"
|
||||||
#include "url.h"
|
#include "url.h"
|
||||||
|
#include "escape.h"
|
||||||
#include "warnless.h"
|
#include "warnless.h"
|
||||||
#include "curl_memory.h"
|
#include "curl_memory.h"
|
||||||
/* The last #include file should be: */
|
/* The last #include file should be: */
|
||||||
@ -83,7 +84,7 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
|
|||||||
char *sel;
|
char *sel;
|
||||||
char *sel_org = NULL;
|
char *sel_org = NULL;
|
||||||
ssize_t amount, k;
|
ssize_t amount, k;
|
||||||
int len;
|
size_t len;
|
||||||
|
|
||||||
*done = TRUE; /* unconditionally */
|
*done = TRUE; /* unconditionally */
|
||||||
|
|
||||||
@ -107,7 +108,7 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
|
|||||||
newp[i] = '\x09';
|
newp[i] = '\x09';
|
||||||
|
|
||||||
/* ... and finally unescape */
|
/* ... and finally unescape */
|
||||||
sel = curl_easy_unescape(data, newp, 0, &len);
|
result = Curl_urldecode(data, newp, 0, &sel, &len, FALSE);
|
||||||
if(!sel)
|
if(!sel)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
sel_org = sel;
|
sel_org = sel;
|
||||||
|
16
lib/ldap.c
16
lib/ldap.c
@ -798,12 +798,13 @@ static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
|
|||||||
if(*p) {
|
if(*p) {
|
||||||
char *dn = p;
|
char *dn = p;
|
||||||
char *unescaped;
|
char *unescaped;
|
||||||
|
CURLcode result;
|
||||||
|
|
||||||
LDAP_TRACE (("DN '%s'\n", dn));
|
LDAP_TRACE (("DN '%s'\n", dn));
|
||||||
|
|
||||||
/* Unescape the DN */
|
/* Unescape the DN */
|
||||||
unescaped = curl_easy_unescape(conn->data, dn, 0, NULL);
|
result = Curl_urldecode(conn->data, dn, 0, &unescaped, NULL, FALSE);
|
||||||
if(!unescaped) {
|
if(result) {
|
||||||
rc = LDAP_NO_MEMORY;
|
rc = LDAP_NO_MEMORY;
|
||||||
|
|
||||||
goto quit;
|
goto quit;
|
||||||
@ -862,12 +863,14 @@ static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
|
|||||||
|
|
||||||
for(i = 0; i < count; i++) {
|
for(i = 0; i < count; i++) {
|
||||||
char *unescaped;
|
char *unescaped;
|
||||||
|
CURLcode result;
|
||||||
|
|
||||||
LDAP_TRACE (("attr[%d] '%s'\n", i, attributes[i]));
|
LDAP_TRACE (("attr[%d] '%s'\n", i, attributes[i]));
|
||||||
|
|
||||||
/* Unescape the attribute */
|
/* Unescape the attribute */
|
||||||
unescaped = curl_easy_unescape(conn->data, attributes[i], 0, NULL);
|
result = Curl_urldecode(conn->data, attributes[i], 0, &unescaped, NULL,
|
||||||
if(!unescaped) {
|
FALSE);
|
||||||
|
if(result) {
|
||||||
free(attributes);
|
free(attributes);
|
||||||
|
|
||||||
rc = LDAP_NO_MEMORY;
|
rc = LDAP_NO_MEMORY;
|
||||||
@ -930,12 +933,13 @@ static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
|
|||||||
if(*p) {
|
if(*p) {
|
||||||
char *filter = p;
|
char *filter = p;
|
||||||
char *unescaped;
|
char *unescaped;
|
||||||
|
CURLcode result;
|
||||||
|
|
||||||
LDAP_TRACE (("filter '%s'\n", filter));
|
LDAP_TRACE (("filter '%s'\n", filter));
|
||||||
|
|
||||||
/* Unescape the filter */
|
/* Unescape the filter */
|
||||||
unescaped = curl_easy_unescape(conn->data, filter, 0, NULL);
|
result = Curl_urldecode(conn->data, filter, 0, &unescaped, NULL, FALSE);
|
||||||
if(!unescaped) {
|
if(result) {
|
||||||
rc = LDAP_NO_MEMORY;
|
rc = LDAP_NO_MEMORY;
|
||||||
|
|
||||||
goto quit;
|
goto quit;
|
||||||
|
12
lib/ssh.c
12
lib/ssh.c
@ -416,12 +416,12 @@ static CURLcode ssh_getworkingpath(struct connectdata *conn,
|
|||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
char *real_path = NULL;
|
char *real_path = NULL;
|
||||||
char *working_path;
|
char *working_path;
|
||||||
int working_path_len;
|
size_t working_path_len;
|
||||||
|
CURLcode result =
|
||||||
working_path = curl_easy_unescape(data, data->state.path, 0,
|
Curl_urldecode(data, data->state.path, 0, &working_path,
|
||||||
&working_path_len);
|
&working_path_len, FALSE);
|
||||||
if(!working_path)
|
if(result)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return result;
|
||||||
|
|
||||||
/* Check for /~/, indicating relative to the user's home directory */
|
/* Check for /~/, indicating relative to the user's home directory */
|
||||||
if(conn->handler->protocol & CURLPROTO_SCP) {
|
if(conn->handler->protocol & CURLPROTO_SCP) {
|
||||||
|
@ -58,6 +58,7 @@
|
|||||||
#include "rawstr.h"
|
#include "rawstr.h"
|
||||||
#include "speedcheck.h"
|
#include "speedcheck.h"
|
||||||
#include "select.h"
|
#include "select.h"
|
||||||
|
#include "escape.h"
|
||||||
|
|
||||||
/* The last 3 #include files should be in this order */
|
/* The last 3 #include files should be in this order */
|
||||||
#include "curl_printf.h"
|
#include "curl_printf.h"
|
||||||
@ -484,10 +485,10 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
|
|||||||
/* As RFC3617 describes the separator slash is not actually part of the
|
/* As RFC3617 describes the separator slash is not actually part of the
|
||||||
file name so we skip the always-present first letter of the path
|
file name so we skip the always-present first letter of the path
|
||||||
string. */
|
string. */
|
||||||
filename = curl_easy_unescape(data, &state->conn->data->state.path[1], 0,
|
result = Curl_urldecode(data, &state->conn->data->state.path[1], 0,
|
||||||
NULL);
|
&filename, NULL, FALSE);
|
||||||
if(!filename)
|
if(result)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return result;
|
||||||
|
|
||||||
snprintf((char *)state->spacket.data+2,
|
snprintf((char *)state->spacket.data+2,
|
||||||
state->blksize,
|
state->blksize,
|
||||||
|
49
lib/url.c
49
lib/url.c
@ -4691,22 +4691,25 @@ static CURLcode parse_proxy(struct Curl_easy *data,
|
|||||||
them. */
|
them. */
|
||||||
Curl_safefree(conn->proxyuser);
|
Curl_safefree(conn->proxyuser);
|
||||||
if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
|
if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
|
||||||
conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
|
result = Curl_urldecode(data, proxyuser, 0, &conn->proxyuser, NULL,
|
||||||
else
|
FALSE);
|
||||||
|
else {
|
||||||
conn->proxyuser = strdup("");
|
conn->proxyuser = strdup("");
|
||||||
|
|
||||||
if(!conn->proxyuser)
|
if(!conn->proxyuser)
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
result = CURLE_OUT_OF_MEMORY;
|
||||||
else {
|
}
|
||||||
|
|
||||||
|
if(!result) {
|
||||||
Curl_safefree(conn->proxypasswd);
|
Curl_safefree(conn->proxypasswd);
|
||||||
if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
|
if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
|
||||||
conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
|
result = Curl_urldecode(data, proxypasswd, 0,
|
||||||
else
|
&conn->proxypasswd, NULL, FALSE);
|
||||||
|
else {
|
||||||
conn->proxypasswd = strdup("");
|
conn->proxypasswd = strdup("");
|
||||||
|
|
||||||
if(!conn->proxypasswd)
|
if(!conn->proxypasswd)
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
result = CURLE_OUT_OF_MEMORY;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(!result) {
|
if(!result) {
|
||||||
conn->bits.proxy_user_passwd = TRUE; /* enable it */
|
conn->bits.proxy_user_passwd = TRUE; /* enable it */
|
||||||
@ -4812,6 +4815,7 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data,
|
|||||||
{
|
{
|
||||||
char proxyuser[MAX_CURL_USER_LENGTH]="";
|
char proxyuser[MAX_CURL_USER_LENGTH]="";
|
||||||
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
|
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
|
||||||
|
CURLcode result;
|
||||||
|
|
||||||
if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
|
if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
|
||||||
strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
|
strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
|
||||||
@ -4824,15 +4828,11 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data,
|
|||||||
proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
|
proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
|
||||||
}
|
}
|
||||||
|
|
||||||
conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
|
result = Curl_urldecode(data, proxyuser, 0, &conn->proxyuser, NULL, FALSE);
|
||||||
if(!conn->proxyuser)
|
if(!result)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
result = Curl_urldecode(data, proxypasswd, 0, &conn->proxypasswd, NULL,
|
||||||
|
FALSE);
|
||||||
conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
|
return result;
|
||||||
if(!conn->proxypasswd)
|
|
||||||
return CURLE_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
return CURLE_OK;
|
|
||||||
}
|
}
|
||||||
#endif /* CURL_DISABLE_PROXY */
|
#endif /* CURL_DISABLE_PROXY */
|
||||||
|
|
||||||
@ -4906,9 +4906,8 @@ static CURLcode parse_url_login(struct Curl_easy *data,
|
|||||||
conn->bits.user_passwd = TRUE; /* enable user+password */
|
conn->bits.user_passwd = TRUE; /* enable user+password */
|
||||||
|
|
||||||
/* Decode the user */
|
/* Decode the user */
|
||||||
newname = curl_easy_unescape(data, userp, 0, NULL);
|
result = Curl_urldecode(data, userp, 0, &newname, NULL, FALSE);
|
||||||
if(!newname) {
|
if(result) {
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4918,9 +4917,9 @@ static CURLcode parse_url_login(struct Curl_easy *data,
|
|||||||
|
|
||||||
if(passwdp) {
|
if(passwdp) {
|
||||||
/* We have a password in the URL so decode it */
|
/* We have a password in the URL so decode it */
|
||||||
char *newpasswd = curl_easy_unescape(data, passwdp, 0, NULL);
|
char *newpasswd;
|
||||||
if(!newpasswd) {
|
result = Curl_urldecode(data, passwdp, 0, &newpasswd, NULL, FALSE);
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
if(result) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4930,9 +4929,9 @@ static CURLcode parse_url_login(struct Curl_easy *data,
|
|||||||
|
|
||||||
if(optionsp) {
|
if(optionsp) {
|
||||||
/* We have an options list in the URL so decode it */
|
/* We have an options list in the URL so decode it */
|
||||||
char *newoptions = curl_easy_unescape(data, optionsp, 0, NULL);
|
char *newoptions;
|
||||||
if(!newoptions) {
|
result = Curl_urldecode(data, optionsp, 0, &newoptions, NULL, FALSE);
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
if(result) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user