From: Amos Jeffries Date: Sun, 28 Aug 2011 04:38:11 +0000 (+1200) Subject: Bug 3295: broken escaping in rfc1738_do_escape X-Git-Tag: take08~35^2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd76637bc92426c84b866eec07b11c3373faef56;p=thirdparty%2Fsquid.git Bug 3295: broken escaping in rfc1738_do_escape --- diff --git a/lib/rfc1738.c b/lib/rfc1738.c index b763835ac4..d5060fe844 100644 --- a/lib/rfc1738.c +++ b/lib/rfc1738.c @@ -86,8 +86,8 @@ rfc1738_do_escape(const char *url, int flags) { static char *buf; static size_t bufsize = 0; - const char *p; - char *q; + const char *src; + char *dst; unsigned int i, do_escape; if (buf == NULL || strlen(url) * 3 > bufsize) { @@ -95,11 +95,11 @@ rfc1738_do_escape(const char *url, int flags) bufsize = strlen(url) * 3 + 1; buf = (char*)xcalloc(bufsize, 1); } - for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) { + for (src = url, dst = buf; *src != '\0' && dst < (buf + bufsize - 1); src++, dst++) { /* a-z, A-Z and 0-9 are SAFE. */ - if ((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') || (*p >= '0' && *p <= '9')) { - *q = *p; + if ((*src >= 'a' && *src <= 'z') || (*src >= 'A' && *src <= 'Z') || (*src >= '0' && *src <= '9')) { + *dst = *src; continue; } @@ -108,22 +108,22 @@ rfc1738_do_escape(const char *url, int flags) /* RFC 1738 defines these chars as unsafe */ if ((flags & RFC1738_ESCAPE_UNSAFE)) { for (i = 0; i < sizeof(rfc1738_unsafe_chars); i++) { - if (*p == rfc1738_unsafe_chars[i]) { + if (*src == rfc1738_unsafe_chars[i]) { do_escape = 1; break; } } /* Handle % separately */ - if (!(flags & RFC1738_ESCAPE_NOPERCENT) && *p == '%') + if (!(flags & RFC1738_ESCAPE_NOPERCENT) && *src == '%') do_escape = 1; /* Handle space separately */ - else if (!(flags & RFC1738_ESCAPE_NOSPACE) && *p <= ' ') + else if (!(flags & RFC1738_ESCAPE_NOSPACE) && *src <= ' ') do_escape = 1; } /* RFC 1738 defines these chars as reserved */ if ((flags & RFC1738_ESCAPE_RESERVED) && do_escape == 0) { for (i = 0; i < sizeof(rfc1738_reserved_chars); i++) { - if (*p == rfc1738_reserved_chars[i]) { + if (*src == rfc1738_reserved_chars[i]) { do_escape = 1; break; } @@ -131,27 +131,24 @@ rfc1738_do_escape(const char *url, int flags) } if ((flags & RFC1738_ESCAPE_CTRLS) && do_escape == 0) { /* RFC 1738 says any control chars (0x00-0x1F) are encoded */ - if ((unsigned char) *p <= (unsigned char) 0x1F) + if ((unsigned char) *src <= (unsigned char) 0x1F) do_escape = 1; /* RFC 1738 says 0x7f is encoded */ - else if (*p == (char) 0x7F) + else if (*src == (char) 0x7F) do_escape = 1; /* RFC 1738 says any non-US-ASCII are encoded */ - else if (((unsigned char) *p >= (unsigned char) 0x80)) + else if (((unsigned char) *src >= (unsigned char) 0x80)) do_escape = 1; } /* Do the triplet encoding, or just copy the char */ - /* note: we do not need snprintf here as q is appropriately - * allocated - KA */ - if (do_escape == 1) { - (void) snprintf(q, (bufsize-(p-buf)), "%%%02X", (unsigned char) *p); - q += sizeof(char) * 2; + (void) snprintf(dst, (bufsize-(dst-buf)), "%%%02X", (unsigned char) *src); + dst += sizeof(char) * 2; } else { - *q = *p; + *dst = *src; } } - *q = '\0'; + *dst = '\0'; return (buf); }