From bdc1d68e5d593d647eafe32d0f2855bc7f9a4b1e Mon Sep 17 00:00:00 2001 From: Bogdan-Andrei Iancu Date: Tue, 17 Oct 2017 11:40:47 +0300 Subject: [PATCH] Fix escaping URI parameters - skip alphanumerical chars. Reported by Ben Newlin on "user" mailing list. (cherry picked from commit b5094f0dc6a4f52555f9cca1ea9df7c846749482) --- strcommon.c | 79 +++++++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 38 deletions(-) diff --git a/strcommon.c b/strcommon.c index 23e3299fa16..58009b93ca5 100644 --- a/strcommon.c +++ b/strcommon.c @@ -274,8 +274,7 @@ int escape_user(str *sin, str *sout) LM_ERR("invalid escaped character <%u>\n", (unsigned int)*p); return -1; } - if (isdigit((int)*p) || ((*p >= 'A') && (*p <= 'Z')) || - ((*p >= 'a') && (*p <= 'z'))) + if (isalnum((int)*p)) { *at = *p; } else { @@ -358,42 +357,46 @@ int escape_param(str *sin, str *sout) LM_ERR("invalid escaped character <%u>\n", (unsigned int)*p); return -1; } - switch (*p) { - /* unreserved chars */ - case '-': - case '_': - case '.': - case '!': - case '~': - case '*': - case '\'': - case '(': - case ')': - /* param unreserved chars */ - case '[': - case ']': - case '/': - case ':': - case '&': - case '+': - case '$': - *at = *p; - break; - default: - *at++ = '%'; - x = (*p) >> 4; - if (x < 10) - { - *at++ = x + '0'; - } else { - *at++ = x - 10 + 'a'; - } - x = (*p) & 0x0f; - if (x < 10) { - *at = x + '0'; - } else { - *at = x - 10 + 'a'; - } + if (isalnum((int)*p)) { + *at = *p; + } else { + switch (*p) { + /* unreserved chars */ + case '-': + case '_': + case '.': + case '!': + case '~': + case '*': + case '\'': + case '(': + case ')': + /* param unreserved chars */ + case '[': + case ']': + case '/': + case ':': + case '&': + case '+': + case '$': + *at = *p; + break; + default: + *at++ = '%'; + x = (*p) >> 4; + if (x < 10) + { + *at++ = x + '0'; + } else { + *at++ = x - 10 + 'a'; + } + x = (*p) & 0x0f; + if (x < 10) { + *at = x + '0'; + } else { + *at = x - 10 + 'a'; + } + } } at++; p++;