Commit 79c44342 by Ben Straub

Make url decoding more bulletproof

parent d6eb3f9c
...@@ -658,23 +658,18 @@ void gitno_connection_data_free_ptrs(gitno_connection_data *d) ...@@ -658,23 +658,18 @@ void gitno_connection_data_free_ptrs(gitno_connection_data *d)
git__free(d->pass); d->pass = NULL; git__free(d->pass); d->pass = NULL;
} }
static char unescape_hex(char *x) #define hex2c(c) ((c | 32) % 39 - 9)
{
char digit;
digit = ((x[0] >= 'A') ? ((x[0] & 0xdf) - 'A')+10 : (x[0] - '0'));
digit *= 16;
digit += ((x[1] >= 'A') ? ((x[1] & 0xdf) - 'A')+10 : (x[1] - '0'));
return digit;
}
static char* unescape(char *str) static char* unescape(char *str)
{ {
int x, y; int x, y;
int len = strlen(str);
for (x=y=0; str[x]; ++x, ++y) { for (x=y=0; str[y]; ++x, ++y) {
if ((str[x] = str[y]) == '%') { if ((str[x] = str[y]) == '%') {
str[x] = unescape_hex(str+y+1); if (y < len-2 && isxdigit(str[y+1]) && isxdigit(str[y+2])) {
y += 2; str[x] = (hex2c(str[y+1]) << 4) + hex2c(str[y+2]);
y += 2;
}
} }
} }
str[x] = '\0'; str[x] = '\0';
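Review bot: The two `isxdigit()` calls in the new guard receive a plain `char`, which is undefined behaviour for bytes at or above 0x80 wherever `char` is signed, and URL userinfo can carry such bytes; cast first, e.g. `isxdigit((unsigned char)str[y+1]) && isxdigit((unsigned char)str[y+2])`. The `hex2c` macro leaves its argument unparenthesised and is hard to read; `#define hex2c(c) ((((c) | 32) % 39) - 9)` with a comment such as `/* ASCII hex digit -> 0..15; caller must check isxdigit() first */` would help. A valid `%00` still decodes to a NUL inside the buffer, so the credential is silently cut short for any caller that treats it as a C string; consider leaving that escape undecoded or rejecting the URL. `unescape` continues past the end of the hunk, so its return path is not visible here.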
......
...@@ -130,12 +130,12 @@ void test_network_urlparse__connection_data_ssl(void) ...@@ -130,12 +130,12 @@ void test_network_urlparse__connection_data_ssl(void)
void test_network_urlparse__encoded_username_password(void) void test_network_urlparse__encoded_username_password(void)
{ {
cl_git_pass(gitno_connection_data_from_url(&conndata, cl_git_pass(gitno_connection_data_from_url(&conndata,
"https://user%2fname:pass%40word@example.com/foo/bar/baz", "bar/baz")); "https://user%2fname:pass%40word%zyx%v@example.com/foo/bar/baz", "bar/baz"));
cl_assert_equal_s(conndata.host, "example.com"); cl_assert_equal_s(conndata.host, "example.com");
cl_assert_equal_s(conndata.port, "443"); cl_assert_equal_s(conndata.port, "443");
cl_assert_equal_s(conndata.path, "/foo/"); cl_assert_equal_s(conndata.path, "/foo/");
cl_assert_equal_s(conndata.user, "user/name"); cl_assert_equal_s(conndata.user, "user/name");
cl_assert_equal_s(conndata.pass, "pass@word"); cl_assert_equal_s(conndata.pass, "pass@word%zyx%v");
cl_assert_equal_i(conndata.use_ssl, true); cl_assert_equal_i(conndata.use_ssl, true);
} }
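Review bot: The malformed escapes added to this test all have a non-hex character directly after the `%`, so the `isxdigit()` test alone rejects them and the `y < len-2` bound in `unescape` is never what decides the outcome. A further assertion with a password that ends in a bare `%` or in `%4` (constructed example: `pass%40word%4`), expected to come back with only the `%40` decoded, would cover the truncated-escape case. The malformed input is also exercised only in the password; whether the username goes through the same decoder is not visible in this hunk, and if it does, one bad escape there would be worth asserting too.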
......