From ec75ca7ab04302c9145ad6bf3023dd7359832f60 Mon Sep 17 00:00:00 2001 From: Benny Prijono Date: Sun, 6 Aug 2006 14:11:52 +0000 Subject: Change unescaping function in scanner and string.c to NOT unescape when '%' is not followed by hex digits. git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@654 74dad513-b988-da41-8d7b-12977e46ad98 --- pjlib-util/src/pjlib-util/scanner.c | 9 +++------ pjlib-util/src/pjlib-util/string.c | 4 +++- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/pjlib-util/src/pjlib-util/scanner.c b/pjlib-util/src/pjlib-util/scanner.c index cd2a54b2..a2a68bd3 100644 --- a/pjlib-util/src/pjlib-util/scanner.c +++ b/pjlib-util/src/pjlib-util/scanner.c @@ -303,12 +303,9 @@ PJ_DEF(void) pj_scan_get_unescape( pj_scanner *scanner, out->ptr = s; do { if (*s == '%') { - if (s+3 <= scanner->end) { - /* This doesn't check if the hex digits are valid. - * If they dont' it will produce garbage characters, but - * no harm is done to the application (e.g. no illegal - * memory access. - */ + if (s+3 <= scanner->end && pj_isxdigit(*(s+1)) && + pj_isxdigit(*(s+2))) + { *dst = (pj_uint8_t) ((pj_hex_digit_to_val(*(s+1)) << 4) + pj_hex_digit_to_val(*(s+2))); ++dst; diff --git a/pjlib-util/src/pjlib-util/string.c b/pjlib-util/src/pjlib-util/string.c index 8115bc8f..1bdebbb3 100644 --- a/pjlib-util/src/pjlib-util/string.c +++ b/pjlib-util/src/pjlib-util/string.c @@ -34,7 +34,9 @@ PJ_DEF(pj_str_t) pj_str_unescape( pj_pool_t *pool, const pj_str_t *src_str) dst = dst_str.ptr = pj_pool_alloc(pool, src_str->slen); while (src != end) { - if (*src == '%' && src < end-2) { + if (*src == '%' && src < end-2 && pj_isxdigit(*(src+1)) && + pj_isxdigit(*(src+2))) + { *dst = (pj_uint8_t) ((pj_hex_digit_to_val(*(src+1)) << 4) + pj_hex_digit_to_val(*(src+2))); ++dst; -- cgit v1.2.3