Second revision

Author: alejandro-perez

src/environ.c

@@ -103,29 +103,48 @@ static char *mag_escape_display_value(request_rec *req,
     /* This function returns a copy (in the pool) of the given gss_buffer_t
      * where every occurrence of " has been replaced by \". This string is
      * NULL terminated */
-    int i = 0;
+    int i = 0, j = 0;
     char *escaped_value = NULL, *p = NULL;
     char *value = (char*) disp_value.value;
 
     /* gss_buffer_t are not \0 terminated, but our result will be. Hence,
-     * escaped length will be original length * 2 + 1 in the worst case */
-    p = escaped_value = apr_palloc(req->pool, disp_value.length * 2 + 1);
-    for (i = 0; i < disp_value.length; i++) {
-        switch (value[i]){
-            case '"':  memcpy(p, "\\\"", 2); p += 2; break;
-            case '/':  memcpy(p, "\\/", 2);  p += 2; break;
-            case '\\': memcpy(p, "\\\\", 2); p += 2; break;
-            case '\b': memcpy(p, "\\b", 2);  p += 2; break;
-            case '\t': memcpy(p, "\\t", 2);  p += 2; break;
-            case '\r': memcpy(p, "\\r", 2);  p += 2; break;
-            case '\f': memcpy(p, "\\f", 2);  p += 2; break;
-            case '\n': memcpy(p, "\\n", 2);  p += 2; break;
-            default:   *p = value[i]; p += 1;   break;
+     * escaped length will be original length * 6 + 1 in the worst case */
+    p = escaped_value = apr_palloc(req->pool, disp_value.length * 6 + 1);
+    for (i = 0, j = 0; i < disp_value.length; i++, j++) {
+        if ((value[i] < 0x1F) || (value[i] == '"') || (value[i] == '\\')) {
+            escaped_value[j] = '\\';
+            j++;
+            switch (value[i]) {
+            case '"':
+            case '\\':
+                escaped_value[j] = value[i];
+                break;
+            case '\b':
+                escaped_value[j] = 'b';
+                break;
+            case '\t':
+                escaped_value[j] = 't';
+                break;
+            case '\r':
+                escaped_value[j] = 'r';
+                break;
+            case '\f':
+                escaped_value[j] = 'f';
+                break;
+            case '\n':
+                escaped_value[j] = 'n';
+                break;
+            default:
+                apr_snprintf(&escaped_value[j], 6, "u%04d", (int) value[i]);
+                j += 4;
+            }
+        } else {
+            escaped_value[j] = value[i];
         }
     }
 
     /* Make the string NULL terminated */
-    *p = 0;
+    escaped_value[j] = '\0';
     return escaped_value;
 }