diff options
author | Yann Ylavic <ylavic@apache.org> | 2022-06-27 15:26:09 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2022-06-27 15:26:09 +0000 |
commit | 622905ddfa7b45dfca350e13442892de3c1f48e9 (patch) | |
tree | 90ce50291110845d9fa861dd6ec6d801c50179fc /encoding/apr_escape.c | |
parent | fc17ab1e8415581b23416caa8925602d1e40d100 (diff) | |
download | apr-622905ddfa7b45dfca350e13442892de3c1f48e9.tar.gz |
encoding: Better check inputs of apr_{encode,decode}_* functions.
Check that the given sources can be encoded without overflowing.
Return APR_EINVAL if the given "slen" is negative, APR_NOTFOUND if "dest" is
not NULL and "src" is NULL, or APR_ENOSPC if "dest" is NULL and the source
length (based on "slen" or APR_ENCODE_STRING) is too big to encode.
* include/private/apr_encode_private.h():
Rename ENCODE_TO_ASCII() and ENCODE_TO_NATIVE() to respectively TO_ASCII()
and TO_ENCODE(), and make them return an unsigned char.
* encoding/apr_escape.c():
Use the new TO_ASCII() and TO_NATIVE().
* encoding/apr_encode.c(apr_encode_*, apr_decode_*):
Forbid negative "slen" but APR_ENCODE_STRING, and use apr_size_t arithmetics
to check for overflows when encoding.
When "dest" is NULL, "src" can be NULL too.
Better check for trailing '='s or base16's APR_ENCODE_COLON ':' separators.
Rename ENCODE_TO_ASCII and ENCODE_TO_NATIVE to their new names, and remove
casts to (unsigned char) now unnecessary.
* include/apr_encode.h():
Update dox about acceptable inputs and returned errors.
* test/testencode.c():
Tests for error conditions.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902281 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'encoding/apr_escape.c')
-rw-r--r-- | encoding/apr_escape.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/encoding/apr_escape.c b/encoding/apr_escape.c index b3bc82d35..6074d739e 100644 --- a/encoding/apr_escape.c +++ b/encoding/apr_escape.c @@ -131,7 +131,7 @@ static char x2c(const char *what) xstr[2]=what[0]; xstr[3]=what[1]; xstr[4]='\0'; - digit = ENCODE_TO_NATIVE[0xFF & strtol(xstr, NULL, 16)]; + digit = TO_NATIVE(strtol(xstr, NULL, 16)); #endif /*APR_CHARSET_EBCDIC*/ return (digit); } @@ -716,7 +716,7 @@ APR_DECLARE(apr_status_t) apr_unescape_entity(char *unescaped, const char *str, size--; } else { - *d = ENCODE_TO_ASCII(val); + *d = TO_ASCII(val); found = 1; } } @@ -737,7 +737,7 @@ APR_DECLARE(apr_status_t) apr_unescape_entity(char *unescaped, const char *str, *d = '&'; /* unknown */ } else { - *d = ENCODE_TO_ASCII(((const unsigned char *) ents)[j]); + *d = TO_ASCII(ents[j]); s += i; slen -= i; found = 1; |