From: Daniel Stenberg Date: Wed, 3 Sep 2025 07:52:36 +0000 (+0200) Subject: tool_getparam: warn on more unicode prefixes X-Git-Tag: curl-8_16_0~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=765b5ab0cdaa6156885591f1e56110a0d2e975f8;p=thirdparty%2Fcurl.git tool_getparam: warn on more unicode prefixes If a string argument is expected and the first two bytes are 0xe2 ex80 and the third has the 7th bit set, that's enough for curl to warn. Previously we tried to detect and warn only for the unicode double quote, but users might use single quotes, other quotes or even lead the argument with one of the "zero widths" characters. This is an attempt to detect many of those. Without triggering for "normal" IDN hostnames. Closes #18459 --- diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 165a4bfb6a..6be57dbd5c 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -2808,6 +2808,12 @@ static ParameterError opt_filestring(struct OperationConfig *config, return err; } +/* detect e2 80 80 - e2 80 ff */ +static bool has_leading_unicode(const unsigned char *arg) +{ + return ((arg[0] == 0xe2) && (arg[1] == 0x80) && (arg[2] & 0x80)); +} + /* the longest command line option, excluding the leading -- */ #define MAX_OPTION_LEN 26 @@ -2947,10 +2953,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ warnf("The filename argument '%s' looks like a flag.", nextarg); } - else if(!strncmp("\xe2\x80\x9c", nextarg, 3)) { - warnf("The argument '%s' starts with a Unicode quote where " - "maybe an ASCII \" was intended?", - nextarg); + else if(has_leading_unicode((const unsigned char *)nextarg)) { + warnf("The argument '%s' starts with a Unicode character. " + "Maybe ASCII was intended?", nextarg); } /* ARG_FILE | ARG_STRG */ err = opt_filestring(config, a, nextarg); diff --git a/tests/data/test469 b/tests/data/test469 index 1e394c9f26..87754a2646 100644 --- a/tests/data/test469 +++ b/tests/data/test469 @@ -45,8 +45,8 @@ warn about Unicode quote character # Verify data after the test has been "shot" -%hex[Warning: The argument '%e2%80%9chost:' starts with a Unicode quote where maybe an ]hex% -Warning: ASCII " was intended? +%hex[Warning: The argument '%e2%80%9chost:' starts with a Unicode character. Maybe ASCII ]hex% +Warning: was intended? diff --git a/tests/data/test470 b/tests/data/test470 index 5667bbb590..547121d11a 100644 --- a/tests/data/test470 +++ b/tests/data/test470 @@ -45,8 +45,8 @@ warn about Unicode quote character read from config file # Verify data after the test has been "shot" -%hex[Warning: The argument '%e2%80%9chost:fake%e2%80%9d' starts with a Unicode quote where ]hex% -Warning: maybe an ASCII " was intended? +%hex[Warning: The argument '%e2%80%9chost:fake%e2%80%9d' starts with a Unicode character. Maybe ]hex% +Warning: ASCII was intended?