generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid typecasting a signed char to an int when using is*() functions, as that

Browse Source 
could very well cause a negate number get passed in and thus cause reading
outside of the array usually used for this purpose.

We avoid this by using the uppercase macro versions introduced just now that
does some extra crazy typecasts to avoid byte codes > 127 to cause negative
int values.
This commit is contained in:
Daniel Stenberg
2006-10-17 21:32:56 +00:00
parent 930f9bd534
commit 44d84ac164
17 changed files with 81 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/escape.c
View File

@@ -116,10 +116,6 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
return ns;
}
#define ishex(in) ((in >= 'a' && in <= 'f') || \
(in >= 'A' && in <= 'F') || \
(in >= '0' && in <= '9'))
char *curl_easy_unescape(CURL *handle, const char *string, int length,
int *olen)
{
@@ -138,7 +134,7 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
while(--alloc > 0) {
in = *string;
if(('%' == in) && ishex(string[1]) && ishex(string[2])) {
if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
/* this is two hexadecimal digits following a '%' */
char hexstr[3];
char *ptr;