1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at http://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
/* Escape and unescape URL encoding in strings. The functions return a newly
 * allocated string or NULL if an error occurred.  */
25 
26 #include <ctype.h>
27 
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 
/* Locale-independent test for RFC 3986 "unreserved" characters.
   isalnum() is deliberately avoided because its result depends on the
   current locale; matching against character literals also keeps the
   check portable to non-ASCII (EBCDIC) hosts.
   See http://tools.ietf.org/html/rfc3986#section-2.3

   Returns 1 if 'in' is an unaccented letter a-z/A-Z, a digit 0-9, or one
   of '-', '.', '_', '~'; returns 0 for every other value.
*/
static int Curl_isunreserved(unsigned char in)
{
  /* every character that may be emitted without percent-encoding */
  static const char unreserved[] =
    "0123456789"
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "-._~";

  /* search the table without its terminating NUL so in == 0 never matches */
  if(memchr(unreserved, in, sizeof(unreserved) - 1))
    return 1;

  return 0;
}
58 
/*
 * uri_escape() - URL-encode (percent-encode) a string.
 *
 * Every byte for which Curl_isunreserved() returns 0 is replaced by "%XX",
 * where XX is the byte value written as two uppercase hexadecimal digits.
 * Bytes that Curl_isunreserved() accepts are copied unchanged.
 *
 * string   - input to encode; NULL is rejected.
 * inlength - number of bytes of 'string' to encode. If 0, strlen(string)
 *            is used instead. Negative values are rejected.
 *
 * Returns a newly malloc()ed, NUL-terminated string that the caller must
 * free(), or NULL if an argument is invalid or memory could not be
 * allocated.
 */
char *uri_escape(const char *string, int inlength)
{
  static const char hexdigits[] = "0123456789ABCDEF";
  size_t length;       /* input bytes still to process */
  size_t alloc;        /* current size of the output buffer */
  size_t newlen;       /* bytes the finished output will need, NUL included */
  size_t strindex = 0; /* next write position in the output buffer */
  char *ns;
  char *testing_ptr;
  unsigned char in;    /* we need to treat the characters unsigned */

  /* a negative length would wrap to a huge size_t and overrun both the
     input and the output buffer */
  if(!string || inlength < 0)
    return NULL;

  length = inlength ? (size_t)inlength : strlen(string);
  alloc = length + 1;
  newlen = alloc;

  ns = malloc(alloc);
  if(!ns)
    return NULL;

  while(length--) {
    in = (unsigned char)*string++;

    if(Curl_isunreserved(in)) {
      /* just copy this */
      ns[strindex++] = (char)in;
    }
    else {
      /* encode it */
      newlen += 2; /* the size grows with two, since this'll become a %XX */
      if(newlen > alloc) {
        /* refuse to double if the size would wrap around */
        if(alloc > ((size_t)-1) / 2) {
          free(ns);
          return NULL;
        }
        alloc *= 2;
        testing_ptr = realloc(ns, alloc);
        if(!testing_ptr) {
          free(ns);
          return NULL;
        }
        ns = testing_ptr;
      }

      /* table lookup yields the same text as a "%%%02X" format would */
      ns[strindex++] = '%';
      ns[strindex++] = hexdigits[in >> 4];
      ns[strindex++] = hexdigits[in & 0x0F];
    }
  }
  ns[strindex] = 0; /* terminate it */
  return ns;
}
105 
/* ISXDIGIT(x): non-zero if x is a hexadecimal digit. The whole argument is
   converted to unsigned char before the call, because isxdigit() is only
   defined for values representable as unsigned char (and EOF); a negative
   plain char must not be passed directly. */
#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)(x))))

/* Mask that keeps only the low eight bits of a value. */
#define CURL_MASK_UCHAR  0xFF

/*
** unsigned long to unsigned char
**
** Returns 'ulnum' masked with CURL_MASK_UCHAR and converted to unsigned
** char. The pragmas silence the Intel compiler's "conversion may lose
** significant bits" warning (810) for this intentional narrowing.
*/

unsigned char curlx_ultouc(unsigned long ulnum)
{
#ifdef __INTEL_COMPILER
#  pragma warning(push)
#  pragma warning(disable:810) /* conversion may lose significant bits */
#endif

  return (unsigned char)(ulnum & (unsigned long) CURL_MASK_UCHAR);

#ifdef __INTEL_COMPILER
#  pragma warning(pop)
#endif
}
126 
/*
 * uri_unescape() - decode %XX sequences in a URL-encoded string.
 *
 * Each '%' that is followed, inside the input range, by two hexadecimal
 * digits is replaced by the single byte with that value. Every other byte,
 * including a '%' that is not followed by two hex digits, is copied
 * unchanged.
 *
 * string - input to decode; NULL is rejected.
 * length - number of bytes of 'string' to decode. If 0, strlen(string) is
 *          used instead. Negative values are rejected.
 *
 * Returns a newly malloc()ed, NUL-terminated string that the caller must
 * free(), or NULL on invalid arguments or allocation failure. A decoded
 * "%00" is stored as a zero byte inside the result, so strlen() on the
 * returned string may be shorter than the decoded data.
 */
char *uri_unescape(const char *string, int length)
{
  size_t remaining;    /* input bytes not yet consumed */
  size_t strindex = 0; /* next write position in the output buffer */
  char *ns;
  unsigned char in;
  unsigned long hex;

  /* a negative length would otherwise produce a zero or wrapped allocation
     size followed by an out-of-bounds write of the terminator */
  if(!string || length < 0)
    return NULL;

  remaining = length ? (size_t)length : strlen(string);

  /* the output is never longer than the input, plus one for the NUL */
  ns = malloc(remaining + 1);
  if(!ns)
    return NULL;

  while(remaining) {
    in = (unsigned char)*string;
    /* only look at string[1] and string[2] when they are inside the range
       the caller asked us to decode */
    if(('%' == in) && (remaining > 2) &&
       ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
      /* this is two hexadecimal digits following a '%' */
      char hexstr[3];
      hexstr[0] = string[1];
      hexstr[1] = string[2];
      hexstr[2] = 0;

      hex = strtoul(hexstr, NULL, 16);

      in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */

      /* NOTE(review): 'handle' is not declared anywhere in this function, so
         the branch below cannot compile as written when
         CURL_DOES_CONVERSIONS is defined - confirm before enabling it. */
#ifdef CURL_DOES_CONVERSIONS
/* escape sequences are always in ASCII so convert them on non-ASCII hosts */
      if(!handle ||
          (Curl_convert_from_network(handle, &in, 1) != CURLE_OK)) {
        /* Curl_convert_from_network calls failf if unsuccessful */
        free(ns);
        return NULL;
      }
#endif /* CURL_DOES_CONVERSIONS */

      /* skip the two hex digits; the '%' itself is skipped below */
      string += 2;
      remaining -= 2;
    }

    ns[strindex++] = (char)in;
    string++;
    remaining--;
  }
  ns[strindex] = 0; /* terminate it */

  return ns;
}
173