mirror of https://github.com/moparisthebest/curl
glob: backslash escaping bug
curl didn't properly handle escaping characters in a URL with the use of backslash. It did an attempt, but that failed as reported in bug 3022551. The described example was using the URL "http://example.com?{AB,C\,D}". I've now removed the special-handling of letters following the backslash and I also removed the bad extra check that triggered this particular bug. Bug: http://curl.haxx.se/bug/view.cgi?id=3022551 Reported by: Jon Sargeant
This commit is contained in:
parent
bcefe839c7
commit
89924a897d
|
@ -20,6 +20,7 @@ This release includes the following bugfixes:
|
||||||
o ftp-wildcard: avoid tight loop when used without any pattern
|
o ftp-wildcard: avoid tight loop when used without any pattern
|
||||||
o multi_socket: re-use of same socket without notifying app
|
o multi_socket: re-use of same socket without notifying app
|
||||||
o ftp wildcard: FTP LIST parser FIX
|
o ftp wildcard: FTP LIST parser FIX
|
||||||
|
o urlglobbing backslash escaping bug
|
||||||
|
|
||||||
This release includes the following known bugs:
|
This release includes the following known bugs:
|
||||||
|
|
||||||
|
@ -29,6 +30,7 @@ This release would not have looked like this without help, code, reports and
|
||||||
advice from friends like these:
|
advice from friends like these:
|
||||||
|
|
||||||
Dan Fandrich, Kamil Dudka, Krister Johansen, Pavel Raiskup,
|
Dan Fandrich, Kamil Dudka, Krister Johansen, Pavel Raiskup,
|
||||||
|
Jon Sargeant
|
||||||
|
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
* | (__| |_| | _ <| |___
|
* | (__| |_| | _ <| |___
|
||||||
* \___|\___/|_| \_\_____|
|
* \___|\___/|_| \_\_____|
|
||||||
*
|
*
|
||||||
* Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
|
* Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||||
*
|
*
|
||||||
* This software is licensed as described in the file COPYING, which
|
* This software is licensed as described in the file COPYING, which
|
||||||
* you should have received as part of this distribution. The terms
|
* you should have received as part of this distribution. The terms
|
||||||
|
@ -75,8 +75,6 @@ static GlobCode glob_set(URLGlob *glob, char *pattern,
|
||||||
++glob->size;
|
++glob->size;
|
||||||
|
|
||||||
while (!done) {
|
while (!done) {
|
||||||
bool skip;
|
|
||||||
|
|
||||||
switch (*pattern) {
|
switch (*pattern) {
|
||||||
case '\0': /* URL ended while set was still open */
|
case '\0': /* URL ended while set was still open */
|
||||||
snprintf(glob->errormsg, sizeof(glob->errormsg),
|
snprintf(glob->errormsg, sizeof(glob->errormsg),
|
||||||
|
@ -127,24 +125,7 @@ static GlobCode glob_set(URLGlob *glob, char *pattern,
|
||||||
return GLOB_ERROR;
|
return GLOB_ERROR;
|
||||||
|
|
||||||
case '\\': /* escaped character, skip '\' */
|
case '\\': /* escaped character, skip '\' */
|
||||||
switch(pattern[1]) {
|
if(pattern[1]) {
|
||||||
case '[':
|
|
||||||
case ']':
|
|
||||||
case '{':
|
|
||||||
case '}':
|
|
||||||
case ',':
|
|
||||||
skip = TRUE;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
skip = FALSE;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if(skip) {
|
|
||||||
if (*(buf+1) == '\0') { /* but no escaping of '\0'! */
|
|
||||||
snprintf(glob->errormsg, sizeof(glob->errormsg),
|
|
||||||
"illegal pattern at pos %zu\n", pos);
|
|
||||||
return GLOB_ERROR;
|
|
||||||
}
|
|
||||||
++pattern;
|
++pattern;
|
||||||
++pos;
|
++pos;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue