author | Benny Prijono <bennylp@teluu.com> | 2006-08-06 14:11:52 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2006-08-06 14:11:52 +0000 |
commit | ec75ca7ab04302c9145ad6bf3023dd7359832f60 (patch) | |
tree | dc8746ce809ac24a6016a2cab3cbdd6d2b004b88 | |
parent | 7d4e5f795015cc061a65f812c0642cfd2891681e (diff) |
Change unescaping function in scanner and string.c to NOT unescape when '%' is not followed by hex digits.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@654 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r-- | pjlib-util/src/pjlib-util/scanner.c | 9 | ||||
-rw-r--r-- | pjlib-util/src/pjlib-util/string.c | 4 |
2 files changed, 6 insertions, 7 deletions
diff --git a/pjlib-util/src/pjlib-util/scanner.c b/pjlib-util/src/pjlib-util/scanner.c
index cd2a54b2..a2a68bd3 100644
--- a/pjlib-util/src/pjlib-util/scanner.c
+++ b/pjlib-util/src/pjlib-util/scanner.c
@@ -303,12 +303,9 @@ PJ_DEF(void) pj_scan_get_unescape( pj_scanner *scanner,
 out->ptr = s;
 do {
 if (*s == '%') {
- if (s+3 <= scanner->end) {
- /* This doesn't check if the hex digits are valid.
- * If they dont' it will produce garbage characters, but
- * no harm is done to the application (e.g. no illegal
- * memory access.
- */
+ if (s+3 <= scanner->end && pj_isxdigit(*(s+1)) &&
+ pj_isxdigit(*(s+2)))
+ {
 *dst = (pj_uint8_t) ((pj_hex_digit_to_val(*(s+1)) << 4) +
 pj_hex_digit_to_val(*(s+2)));
 ++dst;
diff --git a/pjlib-util/src/pjlib-util/string.c b/pjlib-util/src/pjlib-util/string.c
index 8115bc8f..1bdebbb3 100644
--- a/pjlib-util/src/pjlib-util/string.c
+++ b/pjlib-util/src/pjlib-util/string.c
@@ -34,7 +34,9 @@ PJ_DEF(pj_str_t) pj_str_unescape( pj_pool_t *pool, const pj_str_t *src_str)
 dst = dst_str.ptr = pj_pool_alloc(pool, src_str->slen);
 while (src != end) {
- if (*src == '%' && src < end-2) {
+ if (*src == '%' && src < end-2 && pj_isxdigit(*(src+1)) &&
+ pj_isxdigit(*(src+2)))
+ {
 *dst = (pj_uint8_t) ((pj_hex_digit_to_val(*(src+1)) << 4) +
 pj_hex_digit_to_val(*(src+2)));
 ++dst; |
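Review bot: The new `pj_isxdigit(*(s+1))` and `pj_isxdigit(*(s+2))` tests in scanner.c hand input bytes straight to a ctype-style predicate. If `s` is a plain `char *` and `pj_isxdigit` forwards an `int` to `isxdigit()` (neither declaration is visible in this hunk), a byte above 0x7F becomes a negative argument on signed-char platforms, which is undefined for `isxdigit()`. Casting at the call site removes that dependency: `pj_isxdigit((unsigned char)s[1]) && pj_isxdigit((unsigned char)s[2])`. The same applies to the `*(src+1)` / `*(src+2)` tests added in string.c. The deleted comment was the only description of how malformed escapes are handled, so a replacement such as `/* Only unescape when '%' is followed by two hex digits. */` above the `if` would help; the function body starts and ends outside the hunk.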
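Review bot: The bound test `src < end-2` on the changed line in string.c computes `end-2` before comparing, so for a source string shorter than two bytes that pointer lies before the start of the buffer. C leaves this undefined even though nothing is dereferenced. Comparing the remaining length keeps the same condition without stepping outside the object: `if (*src == '%' && end - src > 2 && pj_isxdigit(*(src+1)) &&`. The scanner.c hunk has the mirror form `s+3 <= scanner->end`, which can step more than one element past `scanner->end`; `scanner->end - s >= 3` is the equivalent there. How `end` is derived is outside this hunk, so this assumes it is `src + src_str->slen`.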