diff options
Diffstat (limited to 'pjlib-util')
-rw-r--r-- | pjlib-util/src/pjlib-util/scanner.c | 9 | ||||
-rw-r--r-- | pjlib-util/src/pjlib-util/string.c | 4 |
2 files changed, 6 insertions, 7 deletions
diff --git a/pjlib-util/src/pjlib-util/scanner.c b/pjlib-util/src/pjlib-util/scanner.c index cd2a54b2..a2a68bd3 100644 --- a/pjlib-util/src/pjlib-util/scanner.c +++ b/pjlib-util/src/pjlib-util/scanner.c @@ -303,12 +303,9 @@ PJ_DEF(void) pj_scan_get_unescape( pj_scanner *scanner, out->ptr = s; do { if (*s == '%') { - if (s+3 <= scanner->end) { - /* This doesn't check if the hex digits are valid. - * If they dont' it will produce garbage characters, but - * no harm is done to the application (e.g. no illegal - * memory access. - */ + if (s+3 <= scanner->end && pj_isxdigit(*(s+1)) && + pj_isxdigit(*(s+2))) + { *dst = (pj_uint8_t) ((pj_hex_digit_to_val(*(s+1)) << 4) + pj_hex_digit_to_val(*(s+2))); ++dst; diff --git a/pjlib-util/src/pjlib-util/string.c b/pjlib-util/src/pjlib-util/string.c index 8115bc8f..1bdebbb3 100644 --- a/pjlib-util/src/pjlib-util/string.c +++ b/pjlib-util/src/pjlib-util/string.c @@ -34,7 +34,9 @@ PJ_DEF(pj_str_t) pj_str_unescape( pj_pool_t *pool, const pj_str_t *src_str) dst = dst_str.ptr = pj_pool_alloc(pool, src_str->slen); while (src != end) { - if (*src == '%' && src < end-2) { + if (*src == '%' && src < end-2 && pj_isxdigit(*(src+1)) && + pj_isxdigit(*(src+2))) + { *dst = (pj_uint8_t) ((pj_hex_digit_to_val(*(src+1)) << 4) + pj_hex_digit_to_val(*(src+2))); ++dst; |