2008-12-05 17:31:39 +01:00
|
|
|
/* percent.c - Percent escaping
|
2009-04-01 12:51:53 +02:00
|
|
|
* Copyright (C) 2008, 2009 Free Software Foundation, Inc.
|
2008-12-05 17:31:39 +01:00
|
|
|
*
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
*
|
Change license for some files in common to LGPLv3+/GPLv2+.
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
|
|
|
* This file is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of either
|
2008-12-05 17:31:39 +01:00
|
|
|
*
|
Change license for some files in common to LGPLv3+/GPLv2+.
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
|
|
|
* - the GNU Lesser General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 3 of the License, or (at
|
|
|
|
* your option) any later version.
|
|
|
|
*
|
|
|
|
* or
|
|
|
|
*
|
|
|
|
* - the GNU General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 2 of the License, or (at
|
|
|
|
* your option) any later version.
|
|
|
|
*
|
|
|
|
* or both in parallel, as here.
|
|
|
|
*
|
|
|
|
* This file is distributed in the hope that it will be useful,
|
2008-12-05 17:31:39 +01:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2008-12-05 17:31:39 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <ctype.h>
|
2009-04-01 12:51:53 +02:00
|
|
|
#include <assert.h>
|
2008-12-05 17:31:39 +01:00
|
|
|
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
|
|
|
|
/* Create a newly alloced string from STRING with all spaces and
|
|
|
|
control characters converted to plus signs or %xx sequences. The
|
|
|
|
function returns the new string or NULL in case of a malloc
|
|
|
|
failure.
|
|
|
|
|
|
|
|
Note that we also escape the quote character to work around a bug
|
|
|
|
in the mingw32 runtime which does not correcty handle command line
|
|
|
|
quoting. We correctly double the quote mark when calling a program
|
|
|
|
(i.e. gpg-protect-tool), but the pre-main code does not notice the
|
|
|
|
double quote as an escaped quote. We do this also on POSIX systems
|
|
|
|
for consistency. */
|
|
|
|
char *
|
|
|
|
percent_plus_escape (const char *string)
|
|
|
|
{
|
|
|
|
char *buffer, *p;
|
|
|
|
const char *s;
|
|
|
|
size_t length;
|
|
|
|
|
|
|
|
for (length=1, s=string; *s; s++)
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
if (*s == '+' || *s == '\"' || *s == '%'
|
2008-12-05 17:31:39 +01:00
|
|
|
|| *(const unsigned char *)s < 0x20)
|
|
|
|
length += 3;
|
|
|
|
else
|
|
|
|
length++;
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
2008-12-05 17:31:39 +01:00
|
|
|
buffer = p = xtrymalloc (length);
|
|
|
|
if (!buffer)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
for (s=string; *s; s++)
|
|
|
|
{
|
|
|
|
if (*s == '+' || *s == '\"' || *s == '%'
|
|
|
|
|| *(const unsigned char *)s < 0x20)
|
|
|
|
{
|
|
|
|
snprintf (p, 4, "%%%02X", *(unsigned char *)s);
|
|
|
|
p += 3;
|
|
|
|
}
|
|
|
|
else if (*s == ' ')
|
|
|
|
*p++ = '+';
|
|
|
|
else
|
|
|
|
*p++ = *s;
|
|
|
|
}
|
|
|
|
*p = 0;
|
|
|
|
|
|
|
|
return buffer;
|
|
|
|
|
|
|
|
}
|
2009-04-01 12:51:53 +02:00
|
|
|
|
|
|
|
|
2020-04-07 16:00:11 +02:00
|
|
|
/* Create a newly malloced string from (DATA,DATALEN) with embedded
|
|
|
|
* nuls quoted as %00. The standard percent unescaping can be used to
|
|
|
|
* reverse this encoding. With PLUS_ESCAPE set plus-escaping (spaces
|
|
|
|
* are replaced by a '+') and escaping of characters with values less
|
|
|
|
* than 0x20 is used. If PREFIX is not NULL it will be prepended to
|
|
|
|
* the output in standard escape format; that is PLUS_ESCAPING is
|
|
|
|
* ignored for PREFIX. */
|
|
|
|
char *
|
|
|
|
percent_data_escape (int plus_escape, const char *prefix,
|
|
|
|
const void *data, size_t datalen)
|
|
|
|
{
|
|
|
|
char *buffer, *p;
|
|
|
|
const unsigned char *s;
|
|
|
|
size_t n;
|
|
|
|
size_t length = 1;
|
|
|
|
|
|
|
|
if (prefix)
|
|
|
|
{
|
|
|
|
for (s = prefix; *s; s++)
|
|
|
|
{
|
|
|
|
if (*s == '%' || *s < 0x20)
|
|
|
|
length += 3;
|
|
|
|
else
|
|
|
|
length++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (s=data, n=datalen; n; s++, n--)
|
|
|
|
{
|
|
|
|
if (!*s || *s == '%' || (plus_escape && (*s < ' ' || *s == '+')))
|
|
|
|
length += 3;
|
|
|
|
else
|
|
|
|
length++;
|
|
|
|
}
|
|
|
|
|
|
|
|
buffer = p = xtrymalloc (length);
|
|
|
|
if (!buffer)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (prefix)
|
|
|
|
{
|
|
|
|
for (s = prefix; *s; s++)
|
|
|
|
{
|
|
|
|
if (*s == '%' || *s < 0x20)
|
|
|
|
{
|
|
|
|
snprintf (p, 4, "%%%02X", *s);
|
|
|
|
p += 3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
*p++ = *s;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (s=data, n=datalen; n; s++, n--)
|
|
|
|
{
|
|
|
|
if (!*s)
|
|
|
|
{
|
|
|
|
memcpy (p, "%00", 3);
|
|
|
|
p += 3;
|
|
|
|
}
|
|
|
|
else if (*s == '%')
|
|
|
|
{
|
|
|
|
memcpy (p, "%25", 3);
|
|
|
|
p += 3;
|
|
|
|
}
|
|
|
|
else if (plus_escape && *s == ' ')
|
|
|
|
{
|
|
|
|
*p++ = '+';
|
|
|
|
}
|
|
|
|
else if (plus_escape && (*s < ' ' || *s == '+'))
|
|
|
|
{
|
|
|
|
snprintf (p, 4, "%%%02X", *s);
|
|
|
|
p += 3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
*p++ = *s;
|
|
|
|
}
|
|
|
|
*p = 0;
|
|
|
|
|
|
|
|
return buffer;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-04-01 12:51:53 +02:00
|
|
|
/* Do the percent and plus/space unescaping from STRING to BUFFER and
|
|
|
|
return the length of the valid buffer. Plus unescaping is only
|
|
|
|
done if WITHPLUS is true. An escaped Nul character will be
|
|
|
|
replaced by NULREPL. */
|
|
|
|
static size_t
|
2011-02-04 12:57:53 +01:00
|
|
|
do_unescape (unsigned char *buffer, const unsigned char *string,
|
2009-04-01 12:51:53 +02:00
|
|
|
int withplus, int nulrepl)
|
|
|
|
{
|
|
|
|
unsigned char *p = buffer;
|
|
|
|
|
|
|
|
while (*string)
|
|
|
|
{
|
|
|
|
if (*string == '%' && string[1] && string[2])
|
2011-02-04 12:57:53 +01:00
|
|
|
{
|
2009-04-01 12:51:53 +02:00
|
|
|
string++;
|
|
|
|
*p = xtoi_2 (string);
|
|
|
|
if (!*p)
|
|
|
|
*p = nulrepl;
|
|
|
|
string++;
|
|
|
|
}
|
|
|
|
else if (*string == '+' && withplus)
|
|
|
|
*p = ' ';
|
|
|
|
else
|
|
|
|
*p = *string;
|
|
|
|
p++;
|
|
|
|
string++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (p - buffer);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Count space required after unescaping STRING. Note that this will
|
|
|
|
never be larger than strlen (STRING). */
|
|
|
|
static size_t
|
|
|
|
count_unescape (const unsigned char *string)
|
|
|
|
{
|
|
|
|
size_t n = 0;
|
|
|
|
|
|
|
|
while (*string)
|
|
|
|
{
|
|
|
|
if (*string == '%' && string[1] && string[2])
|
2011-02-04 12:57:53 +01:00
|
|
|
{
|
2009-04-01 12:51:53 +02:00
|
|
|
string++;
|
|
|
|
string++;
|
|
|
|
}
|
|
|
|
string++;
|
|
|
|
n++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Helper. */
|
|
|
|
static char *
|
|
|
|
do_plus_or_plain_unescape (const char *string, int withplus, int nulrepl)
|
|
|
|
{
|
|
|
|
size_t nbytes, n;
|
|
|
|
char *newstring;
|
|
|
|
|
|
|
|
nbytes = count_unescape (string);
|
|
|
|
newstring = xtrymalloc (nbytes+1);
|
|
|
|
if (newstring)
|
|
|
|
{
|
|
|
|
n = do_unescape (newstring, string, withplus, nulrepl);
|
|
|
|
assert (n == nbytes);
|
|
|
|
newstring[n] = 0;
|
|
|
|
}
|
|
|
|
return newstring;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Create a new allocated string from STRING with all "%xx" sequences
|
|
|
|
decoded and all plus signs replaced by a space. Embedded Nul
|
|
|
|
characters are replaced by the value of NULREPL. The function
|
|
|
|
returns the new string or NULL in case of a malloc failure. */
|
|
|
|
char *
|
|
|
|
percent_plus_unescape (const char *string, int nulrepl)
|
|
|
|
{
|
|
|
|
return do_plus_or_plain_unescape (string, 1, nulrepl);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Create a new allocated string from STRING with all "%xx" sequences
|
|
|
|
decoded. Embedded Nul characters are replaced by the value of
|
|
|
|
NULREPL. The function returns the new string or NULL in case of a
|
|
|
|
malloc failure. */
|
|
|
|
char *
|
|
|
|
percent_unescape (const char *string, int nulrepl)
|
|
|
|
{
|
|
|
|
return do_plus_or_plain_unescape (string, 0, nulrepl);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static size_t
|
|
|
|
do_unescape_inplace (char *string, int withplus, int nulrepl)
|
|
|
|
{
|
|
|
|
unsigned char *p, *p0;
|
|
|
|
|
|
|
|
p = p0 = string;
|
|
|
|
while (*string)
|
|
|
|
{
|
|
|
|
if (*string == '%' && string[1] && string[2])
|
2011-02-04 12:57:53 +01:00
|
|
|
{
|
2009-04-01 12:51:53 +02:00
|
|
|
string++;
|
|
|
|
*p = xtoi_2 (string);
|
|
|
|
if (!*p)
|
|
|
|
*p = nulrepl;
|
|
|
|
string++;
|
|
|
|
}
|
|
|
|
else if (*string == '+' && withplus)
|
|
|
|
*p = ' ';
|
|
|
|
else
|
|
|
|
*p = *string;
|
|
|
|
p++;
|
|
|
|
string++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (p - p0);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Perform percent and plus unescaping in STRING and return the new
|
|
|
|
valid length of the string. Embedded Nul characters are replaced
|
|
|
|
by the value of NULREPL. A terminating Nul character is not
|
|
|
|
inserted; the caller might want to call this function this way:
|
|
|
|
|
|
|
|
foo[percent_plus_unescape_inplace (foo, 0)] = 0;
|
|
|
|
*/
|
|
|
|
size_t
|
|
|
|
percent_plus_unescape_inplace (char *string, int nulrepl)
|
|
|
|
{
|
|
|
|
return do_unescape_inplace (string, 1, nulrepl);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Perform percent unescaping in STRING and return the new valid
|
|
|
|
length of the string. Embedded Nul characters are replaced by the
|
|
|
|
value of NULREPL. A terminating Nul character is not inserted; the
|
|
|
|
caller might want to call this function this way:
|
|
|
|
|
|
|
|
foo[percent_unescape_inplace (foo, 0)] = 0;
|
|
|
|
*/
|
|
|
|
size_t
|
|
|
|
percent_unescape_inplace (char *string, int nulrepl)
|
|
|
|
{
|
|
|
|
return do_unescape_inplace (string, 0, nulrepl);
|
|
|
|
}
|