1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

escape: avoid using curl_easy_unescape() internally

Since the internal Curl_urldecode() function has a better API.
This commit is contained in:
Daniel Stenberg 2016-10-08 11:21:38 +02:00
parent 53e71e47d6
commit 46133aa536
7 changed files with 91 additions and 87 deletions

View File

@ -193,11 +193,12 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
int i; int i;
char *actual_path; char *actual_path;
#endif #endif
int real_path_len; size_t real_path_len;
real_path = curl_easy_unescape(data, data->state.path, 0, &real_path_len); CURLcode result = Curl_urldecode(data, data->state.path, 0, &real_path,
if(!real_path) &real_path_len, FALSE);
return CURLE_OUT_OF_MEMORY; if(result)
return result;
#ifdef DOS_FILESYSTEM #ifdef DOS_FILESYSTEM
/* If the first character is a slash, and there's /* If the first character is a slash, and there's

View File

@ -3299,8 +3299,8 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
} }
/* get the "raw" path */ /* get the "raw" path */
path = curl_easy_unescape(data, path_to_use, 0, NULL); result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
if(!path) { if(result) {
/* out of memory, but we can limp along anyway (and should try to /* out of memory, but we can limp along anyway (and should try to
* since we may already be in the out of memory cleanup path) */ * since we may already be in the out of memory cleanup path) */
if(!result) if(!result)
@ -4287,6 +4287,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
slash_pos=strrchr(cur_pos, '/'); slash_pos=strrchr(cur_pos, '/');
if(slash_pos || !*cur_pos) { if(slash_pos || !*cur_pos) {
size_t dirlen = slash_pos-cur_pos; size_t dirlen = slash_pos-cur_pos;
CURLcode result;
ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0])); ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0]));
if(!ftpc->dirs) if(!ftpc->dirs)
@ -4295,12 +4296,13 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
if(!dirlen) if(!dirlen)
dirlen++; dirlen++;
ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/", result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
slash_pos ? curlx_uztosi(dirlen) : 1, slash_pos ? dirlen : 1,
NULL); &ftpc->dirs[0], NULL,
if(!ftpc->dirs[0]) { FALSE);
if(result) {
freedirs(ftpc); freedirs(ftpc);
return CURLE_OUT_OF_MEMORY; return result;
} }
ftpc->dirdepth = 1; /* we consider it to be a single dir */ ftpc->dirdepth = 1; /* we consider it to be a single dir */
filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */ filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
@ -4335,18 +4337,15 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
/* we skip empty path components, like "x//y" since the FTP command /* we skip empty path components, like "x//y" since the FTP command
CWD requires a parameter and a non-existent parameter a) doesn't CWD requires a parameter and a non-existent parameter a) doesn't
work on many servers and b) has no effect on the others. */ work on many servers and b) has no effect on the others. */
int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir); size_t len = slash_pos - cur_pos + absolute_dir;
ftpc->dirs[ftpc->dirdepth] = CURLcode result =
curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL); Curl_urldecode(conn->data, cur_pos - absolute_dir, len,
if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */ &ftpc->dirs[ftpc->dirdepth], NULL,
failf(data, "no memory"); TRUE);
freedirs(ftpc); if(result) {
return CURLE_OUT_OF_MEMORY;
}
if(isBadFtpString(ftpc->dirs[ftpc->dirdepth])) {
free(ftpc->dirs[ftpc->dirdepth]); free(ftpc->dirs[ftpc->dirdepth]);
freedirs(ftpc); freedirs(ftpc);
return CURLE_URL_MALFORMAT; return result;
} }
} }
else { else {
@ -4382,15 +4381,12 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
} /* switch */ } /* switch */
if(filename && *filename) { if(filename && *filename) {
ftpc->file = curl_easy_unescape(conn->data, filename, 0, NULL); CURLcode result =
if(NULL == ftpc->file) { Curl_urldecode(conn->data, filename, 0, &ftpc->file, NULL, TRUE);
if(result) {
freedirs(ftpc); freedirs(ftpc);
failf(data, "no memory"); return result;
return CURLE_OUT_OF_MEMORY;
}
if(isBadFtpString(ftpc->file)) {
freedirs(ftpc);
return CURLE_URL_MALFORMAT;
} }
} }
else else
@ -4408,15 +4404,17 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
if(ftpc->prevpath) { if(ftpc->prevpath) {
/* prevpath is "raw" so we convert the input path before we compare the /* prevpath is "raw" so we convert the input path before we compare the
strings */ strings */
int dlen; size_t dlen;
char *path = curl_easy_unescape(conn->data, data->state.path, 0, &dlen); char *path;
if(!path) { CURLcode result =
Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
if(result) {
freedirs(ftpc); freedirs(ftpc);
return CURLE_OUT_OF_MEMORY; return result;
} }
dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0; dlen -= ftpc->file?strlen(ftpc->file):0;
if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) && if((dlen == strlen(ftpc->prevpath)) &&
strnequal(path, ftpc->prevpath, dlen)) { strnequal(path, ftpc->prevpath, dlen)) {
infof(data, "Request has same path as previous transfer\n"); infof(data, "Request has same path as previous transfer\n");
ftpc->cwddone = TRUE; ftpc->cwddone = TRUE;

View File

@ -35,6 +35,7 @@
#include "rawstr.h" #include "rawstr.h"
#include "select.h" #include "select.h"
#include "url.h" #include "url.h"
#include "escape.h"
#include "warnless.h" #include "warnless.h"
#include "curl_memory.h" #include "curl_memory.h"
/* The last #include file should be: */ /* The last #include file should be: */
@ -83,7 +84,7 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
char *sel; char *sel;
char *sel_org = NULL; char *sel_org = NULL;
ssize_t amount, k; ssize_t amount, k;
int len; size_t len;
*done = TRUE; /* unconditionally */ *done = TRUE; /* unconditionally */
@ -107,7 +108,7 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
newp[i] = '\x09'; newp[i] = '\x09';
/* ... and finally unescape */ /* ... and finally unescape */
sel = curl_easy_unescape(data, newp, 0, &len); result = Curl_urldecode(data, newp, 0, &sel, &len, FALSE);
if(!sel) if(!sel)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
sel_org = sel; sel_org = sel;

View File

@ -767,7 +767,7 @@ static bool split_str(char *str, char ***out, size_t *count)
* *
* Defined in RFC4516 section 2. * Defined in RFC4516 section 2.
*/ */
static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp) static int _ldap_url_parse2(const struct connectdata *conn, LDAPURLDesc *ludp)
{ {
int rc = LDAP_SUCCESS; int rc = LDAP_SUCCESS;
char *path; char *path;
@ -798,12 +798,13 @@ static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
if(*p) { if(*p) {
char *dn = p; char *dn = p;
char *unescaped; char *unescaped;
CURLcode result;
LDAP_TRACE (("DN '%s'\n", dn)); LDAP_TRACE (("DN '%s'\n", dn));
/* Unescape the DN */ /* Unescape the DN */
unescaped = curl_easy_unescape(conn->data, dn, 0, NULL); result = Curl_urldecode(conn->data, dn, 0, &unescaped, NULL, FALSE);
if(!unescaped) { if(result) {
rc = LDAP_NO_MEMORY; rc = LDAP_NO_MEMORY;
goto quit; goto quit;
@ -862,12 +863,14 @@ static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
for(i = 0; i < count; i++) { for(i = 0; i < count; i++) {
char *unescaped; char *unescaped;
CURLcode result;
LDAP_TRACE (("attr[%d] '%s'\n", i, attributes[i])); LDAP_TRACE (("attr[%d] '%s'\n", i, attributes[i]));
/* Unescape the attribute */ /* Unescape the attribute */
unescaped = curl_easy_unescape(conn->data, attributes[i], 0, NULL); result = Curl_urldecode(conn->data, attributes[i], 0, &unescaped, NULL,
if(!unescaped) { FALSE);
if(result) {
free(attributes); free(attributes);
rc = LDAP_NO_MEMORY; rc = LDAP_NO_MEMORY;
@ -930,12 +933,13 @@ static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
if(*p) { if(*p) {
char *filter = p; char *filter = p;
char *unescaped; char *unescaped;
CURLcode result;
LDAP_TRACE (("filter '%s'\n", filter)); LDAP_TRACE (("filter '%s'\n", filter));
/* Unescape the filter */ /* Unescape the filter */
unescaped = curl_easy_unescape(conn->data, filter, 0, NULL); result = Curl_urldecode(conn->data, filter, 0, &unescaped, NULL, FALSE);
if(!unescaped) { if(result) {
rc = LDAP_NO_MEMORY; rc = LDAP_NO_MEMORY;
goto quit; goto quit;
@ -971,8 +975,8 @@ quit:
return rc; return rc;
} }
static int _ldap_url_parse (const struct connectdata *conn, static int _ldap_url_parse(const struct connectdata *conn,
LDAPURLDesc **ludpp) LDAPURLDesc **ludpp)
{ {
LDAPURLDesc *ludp = calloc(1, sizeof(*ludp)); LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
int rc; int rc;
@ -981,7 +985,7 @@ static int _ldap_url_parse (const struct connectdata *conn,
if(!ludp) if(!ludp)
return LDAP_NO_MEMORY; return LDAP_NO_MEMORY;
rc = _ldap_url_parse2 (conn, ludp); rc = _ldap_url_parse2(conn, ludp);
if(rc != LDAP_SUCCESS) { if(rc != LDAP_SUCCESS) {
_ldap_free_urldesc(ludp); _ldap_free_urldesc(ludp);
ludp = NULL; ludp = NULL;
@ -990,7 +994,7 @@ static int _ldap_url_parse (const struct connectdata *conn,
return (rc); return (rc);
} }
static void _ldap_free_urldesc (LDAPURLDesc *ludp) static void _ldap_free_urldesc(LDAPURLDesc *ludp)
{ {
size_t i; size_t i;

View File

@ -416,12 +416,12 @@ static CURLcode ssh_getworkingpath(struct connectdata *conn,
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
char *real_path = NULL; char *real_path = NULL;
char *working_path; char *working_path;
int working_path_len; size_t working_path_len;
CURLcode result =
working_path = curl_easy_unescape(data, data->state.path, 0, Curl_urldecode(data, data->state.path, 0, &working_path,
&working_path_len); &working_path_len, FALSE);
if(!working_path) if(result)
return CURLE_OUT_OF_MEMORY; return result;
/* Check for /~/, indicating relative to the user's home directory */ /* Check for /~/, indicating relative to the user's home directory */
if(conn->handler->protocol & CURLPROTO_SCP) { if(conn->handler->protocol & CURLPROTO_SCP) {

View File

@ -58,6 +58,7 @@
#include "rawstr.h" #include "rawstr.h"
#include "speedcheck.h" #include "speedcheck.h"
#include "select.h" #include "select.h"
#include "escape.h"
/* The last 3 #include files should be in this order */ /* The last 3 #include files should be in this order */
#include "curl_printf.h" #include "curl_printf.h"
@ -484,10 +485,10 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
/* As RFC3617 describes the separator slash is not actually part of the /* As RFC3617 describes the separator slash is not actually part of the
file name so we skip the always-present first letter of the path file name so we skip the always-present first letter of the path
string. */ string. */
filename = curl_easy_unescape(data, &state->conn->data->state.path[1], 0, result = Curl_urldecode(data, &state->conn->data->state.path[1], 0,
NULL); &filename, NULL, FALSE);
if(!filename) if(result)
return CURLE_OUT_OF_MEMORY; return result;
snprintf((char *)state->spacket.data+2, snprintf((char *)state->spacket.data+2,
state->blksize, state->blksize,

View File

@ -4691,21 +4691,24 @@ static CURLcode parse_proxy(struct Curl_easy *data,
them. */ them. */
Curl_safefree(conn->proxyuser); Curl_safefree(conn->proxyuser);
if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH) if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL); result = Curl_urldecode(data, proxyuser, 0, &conn->proxyuser, NULL,
else FALSE);
conn->proxyuser = strdup("");
if(!conn->proxyuser)
result = CURLE_OUT_OF_MEMORY;
else { else {
conn->proxyuser = strdup("");
if(!conn->proxyuser)
result = CURLE_OUT_OF_MEMORY;
}
if(!result) {
Curl_safefree(conn->proxypasswd); Curl_safefree(conn->proxypasswd);
if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH) if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL); result = Curl_urldecode(data, proxypasswd, 0,
else &conn->proxypasswd, NULL, FALSE);
else {
conn->proxypasswd = strdup(""); conn->proxypasswd = strdup("");
if(!conn->proxypasswd)
if(!conn->proxypasswd) result = CURLE_OUT_OF_MEMORY;
result = CURLE_OUT_OF_MEMORY; }
} }
if(!result) { if(!result) {
@ -4812,6 +4815,7 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data,
{ {
char proxyuser[MAX_CURL_USER_LENGTH]=""; char proxyuser[MAX_CURL_USER_LENGTH]="";
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]=""; char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
CURLcode result;
if(data->set.str[STRING_PROXYUSERNAME] != NULL) { if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME], strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
@ -4824,15 +4828,11 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data,
proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/ proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
} }
conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL); result = Curl_urldecode(data, proxyuser, 0, &conn->proxyuser, NULL, FALSE);
if(!conn->proxyuser) if(!result)
return CURLE_OUT_OF_MEMORY; result = Curl_urldecode(data, proxypasswd, 0, &conn->proxypasswd, NULL,
FALSE);
conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL); return result;
if(!conn->proxypasswd)
return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
} }
#endif /* CURL_DISABLE_PROXY */ #endif /* CURL_DISABLE_PROXY */
@ -4906,9 +4906,8 @@ static CURLcode parse_url_login(struct Curl_easy *data,
conn->bits.user_passwd = TRUE; /* enable user+password */ conn->bits.user_passwd = TRUE; /* enable user+password */
/* Decode the user */ /* Decode the user */
newname = curl_easy_unescape(data, userp, 0, NULL); result = Curl_urldecode(data, userp, 0, &newname, NULL, FALSE);
if(!newname) { if(result) {
result = CURLE_OUT_OF_MEMORY;
goto out; goto out;
} }
@ -4918,9 +4917,9 @@ static CURLcode parse_url_login(struct Curl_easy *data,
if(passwdp) { if(passwdp) {
/* We have a password in the URL so decode it */ /* We have a password in the URL so decode it */
char *newpasswd = curl_easy_unescape(data, passwdp, 0, NULL); char *newpasswd;
if(!newpasswd) { result = Curl_urldecode(data, passwdp, 0, &newpasswd, NULL, FALSE);
result = CURLE_OUT_OF_MEMORY; if(result) {
goto out; goto out;
} }
@ -4930,9 +4929,9 @@ static CURLcode parse_url_login(struct Curl_easy *data,
if(optionsp) { if(optionsp) {
/* We have an options list in the URL so decode it */ /* We have an options list in the URL so decode it */
char *newoptions = curl_easy_unescape(data, optionsp, 0, NULL); char *newoptions;
if(!newoptions) { result = Curl_urldecode(data, optionsp, 0, &newoptions, NULL, FALSE);
result = CURLE_OUT_OF_MEMORY; if(result) {
goto out; goto out;
} }