curl_multibyte: Remove local encoding fallbacks

- If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then no longer fall back to assuming the string is in a local encoding. Background: Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to pass to the Windows CRT API wide-character functions since in Windows UTF-8 is not a valid locale (or at least 99% of the time right now). Prior to this change if the Unicode encoding conversion failed then libcurl would assume, for backwards compatibility with applications that may have written their code for non-Unicode builds, attempt to convert the string from local encoding to UTF-16. That type of "best effort" could theoretically cause some type of security or other problem if a string that was locally encoded was also valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion could occur. Ref: https://github.com/curl/curl/pull/7246 Closes https://github.com/curl/curl/pull/7257
2021-06-15 00:13:36 -04:00 · 2021-06-15 00:13:36 -04:00 · 765e060796
parent 4331c6dceb
commit 765e060796
1 changed files with 30 additions and 24 deletions
--- a/lib/curl_multibyte.c
+++ b/lib/curl_multibyte.c
@ -102,14 +102,16 @@ int curlx_win32_open(const char *filename, int oflag, ...)
  va_end(param);

 #ifdef _UNICODE
-  if(filename_w)
+  if(filename_w) {
    result = _wopen(filename_w, oflag, pmode);
-  free(filename_w);
-  if(result != -1)
-    return result;
-#endif
-
+    free(filename_w);
+  }
+  else
+    errno = EINVAL;
+  return result;
+#else
  return (_open)(filename, oflag, pmode);
+#endif
 }

 FILE *curlx_win32_fopen(const char *filename, const char *mode)
@ -120,19 +122,20 @@ FILE *curlx_win32_fopen(const char *filename, const char *mode)
  wchar_t *mode_w = curlx_convert_UTF8_to_wchar(mode);
  if(filename_w && mode_w)
    result = _wfopen(filename_w, mode_w);
+  else
+    errno = EINVAL;
  free(filename_w);
  free(mode_w);
-  if(result)
-    return result;
-#endif
-
+  return result;
+#else
  return (fopen)(filename, mode);
+#endif
 }

 int curlx_win32_stat(const char *path, struct_stat *buffer)
 {
-  int result = -1;
 #ifdef _UNICODE
+  int result = -1;
  wchar_t *path_w = curlx_convert_UTF8_to_wchar(path);
  if(path_w) {
 #if defined(USE_WIN32_SMALL_FILES)
@ -141,31 +144,34 @@ int curlx_win32_stat(const char *path, struct_stat *buffer)
    result = _wstati64(path_w, buffer);
 #endif
    free(path_w);
-    if(result != -1)
-      return result;
  }
-#endif /* _UNICODE */
-
-#if defined(USE_WIN32_SMALL_FILES)
-  result = _stat(path, buffer);
-#else
-  result = _stati64(path, buffer);
-#endif
+  else
+    errno = EINVAL;
  return result;
+#else
+#if defined(USE_WIN32_SMALL_FILES)
+  return _stat(path, buffer);
+#else
+  return _stati64(path, buffer);
+#endif
+#endif
 }

 int curlx_win32_access(const char *path, int mode)
 {
 #if defined(_UNICODE)
+  int result = -1;
  wchar_t *path_w = curlx_convert_UTF8_to_wchar(path);
  if(path_w) {
-    int result = _waccess(path_w, mode);
+    result = _waccess(path_w, mode);
    free(path_w);
-    if(result != -1)
-      return result;
  }
-#endif /* _UNICODE */
+  else
+    errno = EINVAL;
+  return result;
+#else
  return _access(path, mode);
+#endif
 }

 #endif /* USE_WIN32_LARGE_FILES || USE_WIN32_SMALL_FILES */