Browse files

url: decode buffers that are not NUL-terminated

The url_decode function needs only minor tweaks to handle
arbitrary buffers. Let's do those tweaks, which cleans up an
unreadable mess of temporary strings in http.c.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information...
1 parent d79bcd6 commit 66c8448543432308e8fce5e3e04076e875410f67 @peff peff committed with Jul 18, 2011
Showing with 23 additions and 31 deletions.
  1. +4 −23 http.c
  2. +18 −8 url.c
  3. +1 −0 url.h
View
27 http.c
@@ -307,8 +307,7 @@ static CURL *get_curl_handle(void)
static void http_auth_init(const char *url)
{
- char *at, *colon, *cp, *slash, *decoded;
- int len;
+ char *at, *colon, *cp, *slash;
cp = strstr(url, "://");
if (!cp)
@@ -328,29 +327,11 @@ static void http_auth_init(const char *url)
return; /* No credentials */
if (!colon || at <= colon) {
/* Only username */
- len = at - cp;
- user_name = xmalloc(len + 1);
- memcpy(user_name, cp, len);
- user_name[len] = '\0';
- decoded = url_decode(user_name);
- free(user_name);
- user_name = decoded;
+ user_name = url_decode_mem(cp, at - cp);
user_pass = NULL;
} else {
- len = colon - cp;
- user_name = xmalloc(len + 1);
- memcpy(user_name, cp, len);
- user_name[len] = '\0';
- decoded = url_decode(user_name);
- free(user_name);
- user_name = decoded;
- len = at - (colon + 1);
- user_pass = xmalloc(len + 1);
- memcpy(user_pass, colon + 1, len);
- user_pass[len] = '\0';
- decoded = url_decode(user_pass);
- free(user_pass);
- user_pass = decoded;
+ user_name = url_decode_mem(cp, colon - cp);
+ user_pass = url_decode_mem(colon + 1, at - (colon + 1));
}
}
View
26 url.c
@@ -68,18 +68,20 @@ static int url_decode_char(const char *q)
return val;
}
-static char *url_decode_internal(const char **query, const char *stop_at,
- struct strbuf *out, int decode_plus)
+static char *url_decode_internal(const char **query, int len,
+ const char *stop_at, struct strbuf *out,
+ int decode_plus)
{
const char *q = *query;
- do {
+ while (len) {
unsigned char c = *q;
if (!c)
break;
if (stop_at && strchr(stop_at, c)) {
q++;
+ len--;
break;
}
@@ -88,6 +90,7 @@ static char *url_decode_internal(const char **query, const char *stop_at,
if (0 <= val) {
strbuf_addch(out, val);
q += 3;
+ len -= 3;
continue;
}
}
@@ -97,34 +100,41 @@ static char *url_decode_internal(const char **query, const char *stop_at,
else
strbuf_addch(out, c);
q++;
- } while (1);
+ len--;
+ }
*query = q;
return strbuf_detach(out, NULL);
}
char *url_decode(const char *url)
{
+ return url_decode_mem(url, strlen(url));
+}
+
+char *url_decode_mem(const char *url, int len)
+{
struct strbuf out = STRBUF_INIT;
- const char *colon = strchr(url, ':');
+ const char *colon = memchr(url, ':', len);
/* Skip protocol part if present */
if (colon && url < colon) {
strbuf_add(&out, url, colon - url);
+ len -= colon - url;
url = colon;
}
- return url_decode_internal(&url, NULL, &out, 0);
+ return url_decode_internal(&url, len, NULL, &out, 0);
}
char *url_decode_parameter_name(const char **query)
{
struct strbuf out = STRBUF_INIT;
- return url_decode_internal(query, "&=", &out, 1);
+ return url_decode_internal(query, -1, "&=", &out, 1);
}
char *url_decode_parameter_value(const char **query)
{
struct strbuf out = STRBUF_INIT;
- return url_decode_internal(query, "&", &out, 1);
+ return url_decode_internal(query, -1, "&", &out, 1);
}
void end_url_with_slash(struct strbuf *buf, const char *url)
View
1 url.h
@@ -4,6 +4,7 @@
extern int is_url(const char *url);
extern int is_urlschemechar(int first_flag, int ch);
extern char *url_decode(const char *url);
+extern char *url_decode_mem(const char *url, int len);
extern char *url_decode_parameter_name(const char **query);
extern char *url_decode_parameter_value(const char **query);

0 comments on commit 66c8448

Please sign in to comment.