* Fixed output-buffer-overflow bug in uh_urlencode() and uh_urldecode() [tested
input-buffer index against output-buffer length]. In reality, this would not
typically cause an overflow on decode, where the output string would be
expected to be shorter than the input string; and uh_urlencode() seems to have
been unreferenced in the source.
* Fixed bug: uh_urlencode() and uh_urldecode() both read one extra byte from the
input-string. While this could manifest in C code, the result was most
egregious when called from Lua, where it caused an extra null byte to be
embedded at the end of the output string.
* uh_urlencode() cleanup: removed redundant bitwise-and.
Signed-off-by: David Favro <openwrt@meta-dynamic.com>
SVN-Revision: 31569
+/* blen is the size of buf; slen is the length of src. The input-string need
+** not be, and the output string will not be, null-terminated. Returns the
+** length of the decoded string. */
int uh_urldecode(char *buf, int blen, const char *src, int slen)
{
int i;
int uh_urldecode(char *buf, int blen, const char *src, int slen)
{
int i;
(((x) <= 'F') ? ((x) - 'A' + 10) : \
((x) - 'a' + 10)))
(((x) <= 'F') ? ((x) - 'A' + 10) : \
((x) - 'a' + 10)))
- for( i = 0; (i <= slen) && (i <= blen); i++ )
+ for( i = 0; (i < slen) && (len < blen); i++ )
- if( ((i+2) <= slen) && isxdigit(src[i+1]) && isxdigit(src[i+2]) )
+ if( ((i+2) < slen) && isxdigit(src[i+1]) && isxdigit(src[i+2]) )
{
buf[len++] = (char)(16 * hex(src[i+1]) + hex(src[i+2]));
i += 2;
{
buf[len++] = (char)(16 * hex(src[i+1]) + hex(src[i+2]));
i += 2;
+/* blen is the size of buf; slen is the length of src. The input-string need
+** not be, and the output string will not be, null-terminated. Returns the
+** length of the encoded string. */
int uh_urlencode(char *buf, int blen, const char *src, int slen)
{
int i;
int len = 0;
const char hex[] = "0123456789abcdef";
int uh_urlencode(char *buf, int blen, const char *src, int slen)
{
int i;
int len = 0;
const char hex[] = "0123456789abcdef";
- for( i = 0; (i <= slen) && (i <= blen); i++ )
+ for( i = 0; (i < slen) && (len < blen); i++ )
{
if( isalnum(src[i]) || (src[i] == '-') || (src[i] == '_') ||
(src[i] == '.') || (src[i] == '~') )
{
if( isalnum(src[i]) || (src[i] == '-') || (src[i] == '_') ||
(src[i] == '.') || (src[i] == '~') )
{
buf[len++] = '%';
buf[len++] = hex[(src[i] >> 4) & 15];
{
buf[len++] = '%';
buf[len++] = hex[(src[i] >> 4) & 15];
- buf[len++] = hex[(src[i] & 15) & 15];
+ buf[len++] = hex[ src[i] & 15];
uh_urldecode(
&buffer[strlen(docroot)],
sizeof(buffer) - strlen(docroot) - 1,
uh_urldecode(
&buffer[strlen(docroot)],
sizeof(buffer) - strlen(docroot) - 1,
- url, (int)(pathptr - url) - 1