• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 #include "curl_setup.h"
24 
25 #include <curl/curl.h>
26 
27 #include "dotdot.h"
28 #include "curl_memory.h"
29 
30 /* The last #include file should be: */
31 #include "memdebug.h"
32 
33 /*
34  * "Remove Dot Segments"
35  * https://tools.ietf.org/html/rfc3986#section-5.2.4
36  */
37 
38 /*
39  * Curl_dedotdotify()
40  * @unittest: 1395
41  *
42  * This function gets a zero-terminated path with dot and dotdot sequences
43  * passed in and strips them off according to the rules in RFC 3986 section
44  * 5.2.4.
45  *
46  * The function handles a query part ('?' + stuff) appended but it expects
47  * that fragments ('#' + stuff) have already been cut off.
48  *
49  * RETURNS
50  *
51  * an allocated dedotdotified output string
52  */
Curl_dedotdotify(const char * input)53 char *Curl_dedotdotify(const char *input)
54 {
55   size_t inlen = strlen(input);
56   char *clone;
57   size_t clen = inlen; /* the length of the cloned input */
58   char *out = malloc(inlen+1);
59   char *outptr;
60   char *orgclone;
61   char *queryp;
62   if(!out)
63     return NULL; /* out of memory */
64 
65   /* get a cloned copy of the input */
66   clone = strdup(input);
67   if(!clone) {
68     free(out);
69     return NULL;
70   }
71   orgclone = clone;
72   outptr = out;
73 
74   if(!*clone) {
75     /* zero length string, return that */
76     free(out);
77     return clone;
78   }
79 
80   /*
81    * To handle query-parts properly, we must find it and remove it during the
82    * dotdot-operation and then append it again at the end to the output
83    * string.
84    */
85   queryp = strchr(clone, '?');
86   if(queryp)
87     *queryp = 0;
88 
89   do {
90 
91     /*  A.  If the input buffer begins with a prefix of "../" or "./", then
92         remove that prefix from the input buffer; otherwise, */
93 
94     if(!strncmp("./", clone, 2)) {
95       clone+=2;
96       clen-=2;
97     }
98     else if(!strncmp("../", clone, 3)) {
99       clone+=3;
100       clen-=3;
101     }
102 
103     /*  B.  if the input buffer begins with a prefix of "/./" or "/.", where
104         "."  is a complete path segment, then replace that prefix with "/" in
105         the input buffer; otherwise, */
106     else if(!strncmp("/./", clone, 3)) {
107       clone+=2;
108       clen-=2;
109     }
110     else if(!strcmp("/.", clone)) {
111       clone[1]='/';
112       clone++;
113       clen-=1;
114     }
115 
116     /*  C.  if the input buffer begins with a prefix of "/../" or "/..", where
117         ".." is a complete path segment, then replace that prefix with "/" in
118         the input buffer and remove the last segment and its preceding "/" (if
119         any) from the output buffer; otherwise, */
120 
121     else if(!strncmp("/../", clone, 4)) {
122       clone+=3;
123       clen-=3;
124       /* remove the last segment from the output buffer */
125       while(outptr > out) {
126         outptr--;
127         if(*outptr == '/')
128           break;
129       }
130       *outptr = 0; /* zero-terminate where it stops */
131     }
132     else if(!strcmp("/..", clone)) {
133       clone[2]='/';
134       clone+=2;
135       clen-=2;
136       /* remove the last segment from the output buffer */
137       while(outptr > out) {
138         outptr--;
139         if(*outptr == '/')
140           break;
141       }
142       *outptr = 0; /* zero-terminate where it stops */
143     }
144 
145     /*  D.  if the input buffer consists only of "." or "..", then remove
146         that from the input buffer; otherwise, */
147 
148     else if(!strcmp(".", clone) || !strcmp("..", clone)) {
149       *clone=0;
150     }
151 
152     else {
153       /*  E.  move the first path segment in the input buffer to the end of
154           the output buffer, including the initial "/" character (if any) and
155           any subsequent characters up to, but not including, the next "/"
156           character or the end of the input buffer. */
157 
158       do {
159         *outptr++ = *clone++;
160         clen--;
161       } while(*clone && (*clone != '/'));
162       *outptr = 0;
163     }
164 
165   } while(*clone);
166 
167   if(queryp) {
168     size_t qlen;
169     /* There was a query part, append that to the output. The 'clone' string
170        may now have been altered so we copy from the original input string
171        from the correct index. */
172     size_t oindex = queryp - orgclone;
173     qlen = strlen(&input[oindex]);
174     memcpy(outptr, &input[oindex], qlen+1); /* include the ending zero byte */
175   }
176 
177   free(orgclone);
178   return out;
179 }
180