From 60452236fa8fc28987946b0a3b38c8d51aebb4d1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 25 Apr 2022 00:29:22 +0200
Subject: [PATCH] c_escape: escape '?' in generated --libcurl code
In order to avoid the risk of it being used in an accidental trigraph in the generated code.
Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1548535
Closes #8742
---
 src/tool_setopt.c | 6 ++++++
 tests/data/test1403 | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 6d763ab944..0b83ff8e46 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -273,6 +273,12 @@ static char *c_escape(const char *str, curl_off_t len)
 strcpy(e, "\\\"");
 e += 2;
 }
+ else if(c == '?') {
+ /* escape question marks as well, to prevent generating accidental
+ trigraphs */
+ strcpy(e, "\\?");
+ e += 2;
+ }
 else if(!isprint(c)) {
 msnprintf(e, 5, "\\x%02x", (unsigned)c);
 e += 4;
diff --git a/tests/data/test1403 b/tests/data/test1403
index f86f0111ca..46bd63dceb 100644
--- a/tests/data/test1403
+++ b/tests/data/test1403
@@ -69,7 +69,7 @@ int main(int argc, char *argv[])
 hnd = curl_easy_init();
 curl_easy_setopt(hnd, CURLOPT_BUFFERSIZE, 102400L);
- curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER?foo=bar&baz=quux");
+ curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER\?foo=bar&baz=quux");
 curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
 curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
 curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
--
2.47.3
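Review bot: The `!isprint(c)` branch directly after the new `'?'` case still emits `\x%02x`, and a C hex escape has no fixed length, so a non-printable byte followed by a character that is itself a hex digit compiles to a different string than the one curl was given. That is the same class of problem this commit closes for trigraphs: the generated `--libcurl` literal not meaning what the input said. A three-digit octal escape is bounded and still fits the four bytes the branch advances by, assuming `c` holds a single byte value: `msnprintf(e, 5, "\\%03o", (unsigned)c);`. The allocation of the output buffer happens outside this hunk, so the four-output-bytes-per-input-byte sizing should be confirmed there.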
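Review bot: The updated expectation only covers a lone `?` in the URL query, which could not form a trigraph on its own, and the diffstat shows no other test touched. A case whose input carries two consecutive question marks followed by another character would pin the behaviour the fix is for, with the expected generated literal containing `\?\?`. Without it, a regression in c_escape that leaves two `?` adjacent in the output would still pass this test.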