1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 21:15:08 -05:00
curl/docs/libcurl/curl_easy_unescape.3
Daniel Stenberg 53e71e47d6 unescape: avoid integer overflow
CVE-2016-8622

Bug: https://curl.haxx.se/docs/adv_20161102H.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00

55 lines
2.4 KiB
Groff

.\" **************************************************************************
.\" * _ _ ____ _
.\" * Project ___| | | | _ \| |
.\" * / __| | | | |_) | |
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at https://curl.haxx.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" **************************************************************************
.\"
.TH curl_easy_unescape 3 "7 April 2006" "libcurl 7.15.4" "libcurl Manual"
.SH NAME
curl_easy_unescape - URL decodes the given string
.SH SYNOPSIS
.B #include <curl/curl.h>
.sp
.BI "char *curl_easy_unescape( CURL *" curl ", const char *" url
.BI ", int "inlength ", int *" outlength " );"
.ad
.SH DESCRIPTION
This function converts the given URL encoded input string to a "plain string"
and returns that in an allocated memory area. All input characters that are
URL encoded (%XX where XX is a two-digit hexadecimal number) are converted to
their binary versions.
If the \fBlength\fP argument is set to 0 (zero), \fIcurl_easy_unescape(3)\fP
will use strlen() on the input \fIurl\fP string to find out the size.
If \fBoutlength\fP is non-NULL, the function will write the length of the
returned string in the integer it points to. This allows an escaped string
containing %00 to still get used properly after unescaping. Since this is a
pointer to an \fIint\fP type, it can only return a value up to INT_MAX so no
longer string can be unescaped if the string length is returned in this
parameter.
You must \fIcurl_free(3)\fP the returned string when you're done with it.
.SH AVAILABILITY
Added in 7.15.4 and replaces the old \fIcurl_unescape(3)\fP function.
.SH RETURN VALUE
A pointer to a zero terminated string or NULL if it failed.
.SH "SEE ALSO"
.BR curl_easy_escape "(3), " curl_free "(3)," RFC 3986