diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-09-11 21:04:02 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-09-11 21:04:02 +0200 |
| commit | dd1061b6a79b0161597799e825bfefc27993ace5 (patch) | |
| tree | f7099078291da669907c5e3f428c10af27a54417 /libbb | |
| parent | 5126cf9a15f9e5c3986be0fc2743b63adcc6b1fb (diff) | |
| download | busybox-dd1061b6a79b0161597799e825bfefc27993ace5.tar.gz | |
wget: URL-decode user:password before base64-encoding it into auth hdr. Closes 3625.
function old new delta
percent_decode_in_place - 152 +152
parse_url 304 317 +13
handle_incoming_and_exit 2795 2798 +3
httpd_main 763 760 -3
decodeString 152 - -152
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 2/1 up/down: 168/-155) Total: 13 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb')
| -rw-r--r-- | libbb/percent_decode.c | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/libbb/percent_decode.c b/libbb/percent_decode.c new file mode 100644 index 000000000..9a9d80c4a --- /dev/null +++ b/libbb/percent_decode.c @@ -0,0 +1,69 @@ +/* vi: set sw=4 ts=4: */ +/* + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + */ + +//kbuild:lib-y += percent_decode.o + +#include "libbb.h" + +static unsigned hex_to_bin(unsigned char c) +{ + unsigned v; + + v = c - '0'; + if (v <= 9) + return v; + /* c | 0x20: letters to lower case, non-letters + * to (potentially different) non-letters */ + v = (unsigned)(c | 0x20) - 'a'; + if (v <= 5) + return v + 10; + return ~0; +/* For testing: +void t(char c) { printf("'%c'(%u) %u\n", c, c, hex_to_bin(c)); } +int main() { t(0x10); t(0x20); t('0'); t('9'); t('A'); t('F'); t('a'); t('f'); +t('0'-1); t('9'+1); t('A'-1); t('F'+1); t('a'-1); t('f'+1); return 0; } +*/ +} + +char* FAST_FUNC percent_decode_in_place(char *str, int strict) +{ + /* note that decoded string is always shorter than original */ + char *src = str; + char *dst = str; + char c; + + while ((c = *src++) != '\0') { + unsigned v; + + if (!strict && c == '+') { + *dst++ = ' '; + continue; + } + if (c != '%') { + *dst++ = c; + continue; + } + v = hex_to_bin(src[0]); + if (v > 15) { + bad_hex: + if (strict) + return NULL; + *dst++ = '%'; + continue; + } + v = (v * 16) | hex_to_bin(src[1]); + if (v > 255) + goto bad_hex; + if (strict && (v == '/' || v == '\0')) { + /* caller takes it as indication of invalid + * (dangerous wrt exploits) chars */ + return str + 1; + } + *dst++ = v; + src += 2; + } + *dst = '\0'; + return str; +} |