1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24
25 /* Escape and unescape URL encoding in strings. The functions return a new
26 * allocated string or NULL if an error occurred. */
27
28 #include "curl_setup.h"
29
30 #include <curl/curl.h>
31
32 #include "urldata.h"
33 #include "warnless.h"
34 #include "escape.h"
35 #include "strdup.h"
36 /* The last 3 #include files should be in this order */
37 #include "curl_printf.h"
38 #include "curl_memory.h"
39 #include "memdebug.h"
40
41 /* Portable character check (remember EBCDIC). Do not use isalnum() because
42 its behavior is altered by the current locale.
43 See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3
44 */
Curl_isunreserved(unsigned char in)45 bool Curl_isunreserved(unsigned char in)
46 {
47 switch(in) {
48 case '0': case '1': case '2': case '3': case '4':
49 case '5': case '6': case '7': case '8': case '9':
50 case 'a': case 'b': case 'c': case 'd': case 'e':
51 case 'f': case 'g': case 'h': case 'i': case 'j':
52 case 'k': case 'l': case 'm': case 'n': case 'o':
53 case 'p': case 'q': case 'r': case 's': case 't':
54 case 'u': case 'v': case 'w': case 'x': case 'y': case 'z':
55 case 'A': case 'B': case 'C': case 'D': case 'E':
56 case 'F': case 'G': case 'H': case 'I': case 'J':
57 case 'K': case 'L': case 'M': case 'N': case 'O':
58 case 'P': case 'Q': case 'R': case 'S': case 'T':
59 case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
60 case '-': case '.': case '_': case '~':
61 return TRUE;
62 default:
63 break;
64 }
65 return FALSE;
66 }
67
68 /* for ABI-compatibility with previous versions */
curl_escape(const char * string,int inlength)69 char *curl_escape(const char *string, int inlength)
70 {
71 return curl_easy_escape(NULL, string, inlength);
72 }
73
74 /* for ABI-compatibility with previous versions */
curl_unescape(const char * string,int length)75 char *curl_unescape(const char *string, int length)
76 {
77 return curl_easy_unescape(NULL, string, length, NULL);
78 }
79
80 /* Escapes for URL the given unescaped string of given length.
81 * 'data' is ignored since 7.82.0.
82 */
curl_easy_escape(struct Curl_easy * data,const char * string,int inlength)83 char *curl_easy_escape(struct Curl_easy *data, const char *string,
84 int inlength)
85 {
86 size_t length;
87 struct dynbuf d;
88 (void)data;
89
90 if(inlength < 0)
91 return NULL;
92
93 Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3);
94
95 length = (inlength?(size_t)inlength:strlen(string));
96 if(!length)
97 return strdup("");
98
99 while(length--) {
100 unsigned char in = *string++; /* treat the characters unsigned */
101
102 if(Curl_isunreserved(in)) {
103 /* append this */
104 if(Curl_dyn_addn(&d, &in, 1))
105 return NULL;
106 }
107 else {
108 /* encode it */
109 const char hex[] = "0123456789ABCDEF";
110 char out[3]={'%'};
111 out[1] = hex[in>>4];
112 out[2] = hex[in & 0xf];
113 if(Curl_dyn_addn(&d, out, 3))
114 return NULL;
115 }
116 }
117
118 return Curl_dyn_ptr(&d);
119 }
120
121 static const unsigned char hextable[] = {
122 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, /* 0x30 - 0x3f */
123 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x40 - 0x4f */
124 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x50 - 0x5f */
125 0, 10, 11, 12, 13, 14, 15 /* 0x60 - 0x66 */
126 };
127
128 /* the input is a single hex digit */
129 #define onehex2dec(x) hextable[x - '0']
130
131 /*
132 * Curl_urldecode() URL decodes the given string.
133 *
134 * Returns a pointer to a malloced string in *ostring with length given in
135 * *olen. If length == 0, the length is assumed to be strlen(string).
136 *
137 * ctrl options:
138 * - REJECT_NADA: accept everything
139 * - REJECT_CTRL: rejects control characters (byte codes lower than 32) in
140 * the data
141 * - REJECT_ZERO: rejects decoded zero bytes
142 *
143 * The values for the enum starts at 2, to make the assert detect legacy
144 * invokes that used TRUE/FALSE (0 and 1).
145 */
146
Curl_urldecode(const char * string,size_t length,char ** ostring,size_t * olen,enum urlreject ctrl)147 CURLcode Curl_urldecode(const char *string, size_t length,
148 char **ostring, size_t *olen,
149 enum urlreject ctrl)
150 {
151 size_t alloc;
152 char *ns;
153
154 DEBUGASSERT(string);
155 DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */
156
157 alloc = (length?length:strlen(string));
158 ns = malloc(alloc + 1);
159
160 if(!ns)
161 return CURLE_OUT_OF_MEMORY;
162
163 /* store output string */
164 *ostring = ns;
165
166 while(alloc) {
167 unsigned char in = *string;
168 if(('%' == in) && (alloc > 2) &&
169 ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
170 /* this is two hexadecimal digits following a '%' */
171 in = (unsigned char)(onehex2dec(string[1]) << 4) | onehex2dec(string[2]);
172
173 string += 3;
174 alloc -= 3;
175 }
176 else {
177 string++;
178 alloc--;
179 }
180
181 if(((ctrl == REJECT_CTRL) && (in < 0x20)) ||
182 ((ctrl == REJECT_ZERO) && (in == 0))) {
183 Curl_safefree(*ostring);
184 return CURLE_URL_MALFORMAT;
185 }
186
187 *ns++ = in;
188 }
189 *ns = 0; /* terminate it */
190
191 if(olen)
192 /* store output size */
193 *olen = ns - *ostring;
194
195 return CURLE_OK;
196 }
197
198 /*
199 * Unescapes the given URL escaped string of given length. Returns a
200 * pointer to a malloced string with length given in *olen.
201 * If length == 0, the length is assumed to be strlen(string).
202 * If olen == NULL, no output length is stored.
203 * 'data' is ignored since 7.82.0.
204 */
curl_easy_unescape(struct Curl_easy * data,const char * string,int length,int * olen)205 char *curl_easy_unescape(struct Curl_easy *data, const char *string,
206 int length, int *olen)
207 {
208 char *str = NULL;
209 (void)data;
210 if(length >= 0) {
211 size_t inputlen = (size_t)length;
212 size_t outputlen;
213 CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen,
214 REJECT_NADA);
215 if(res)
216 return NULL;
217
218 if(olen) {
219 if(outputlen <= (size_t) INT_MAX)
220 *olen = curlx_uztosi(outputlen);
221 else
222 /* too large to return in an int, fail! */
223 Curl_safefree(str);
224 }
225 }
226 return str;
227 }
228
229 /* For operating systems/environments that use different malloc/free
230 systems for the app and for this library, we provide a free that uses
231 the library's memory system */
curl_free(void * p)232 void curl_free(void *p)
233 {
234 free(p);
235 }
236