mirror of
https://github.com/git/git
synced 2024-10-30 13:20:15 +00:00
d37dc239a4
There is no reason to allow %00 to terminate a string, so do not allow it. Otherwise, we end up returning arbitrary content in the string (that which is after the %00) which is effectively hidden from callers and can escape sanity checks and validation, and possible be used in tandem with a security vulnerability to introduce a payload. Helped-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Matthew DeVore <matvore@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
113 lines
2.4 KiB
C
113 lines
2.4 KiB
C
#include "cache.h"
|
|
#include "url.h"
|
|
|
|
int is_urlschemechar(int first_flag, int ch)
|
|
{
|
|
/*
|
|
* The set of valid URL schemes, as per STD66 (RFC3986) is
|
|
* '[A-Za-z][A-Za-z0-9+.-]*'. But use sightly looser check
|
|
* of '[A-Za-z0-9][A-Za-z0-9+.-]*' because earlier version
|
|
* of check used '[A-Za-z0-9]+' so not to break any remote
|
|
* helpers.
|
|
*/
|
|
int alphanumeric, special;
|
|
alphanumeric = ch > 0 && isalnum(ch);
|
|
special = ch == '+' || ch == '-' || ch == '.';
|
|
return alphanumeric || (!first_flag && special);
|
|
}
|
|
|
|
int is_url(const char *url)
|
|
{
|
|
/* Is "scheme" part reasonable? */
|
|
if (!url || !is_urlschemechar(1, *url++))
|
|
return 0;
|
|
while (*url && *url != ':') {
|
|
if (!is_urlschemechar(0, *url++))
|
|
return 0;
|
|
}
|
|
/* We've seen "scheme"; we want colon-slash-slash */
|
|
return (url[0] == ':' && url[1] == '/' && url[2] == '/');
|
|
}
|
|
|
|
static char *url_decode_internal(const char **query, int len,
|
|
const char *stop_at, struct strbuf *out,
|
|
int decode_plus)
|
|
{
|
|
const char *q = *query;
|
|
|
|
while (len) {
|
|
unsigned char c = *q;
|
|
|
|
if (!c)
|
|
break;
|
|
if (stop_at && strchr(stop_at, c)) {
|
|
q++;
|
|
len--;
|
|
break;
|
|
}
|
|
|
|
if (c == '%' && (len < 0 || len >= 3)) {
|
|
int val = hex2chr(q + 1);
|
|
if (0 < val) {
|
|
strbuf_addch(out, val);
|
|
q += 3;
|
|
len -= 3;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (decode_plus && c == '+')
|
|
strbuf_addch(out, ' ');
|
|
else
|
|
strbuf_addch(out, c);
|
|
q++;
|
|
len--;
|
|
}
|
|
*query = q;
|
|
return strbuf_detach(out, NULL);
|
|
}
|
|
|
|
char *url_decode(const char *url)
|
|
{
|
|
return url_decode_mem(url, strlen(url));
|
|
}
|
|
|
|
char *url_decode_mem(const char *url, int len)
|
|
{
|
|
struct strbuf out = STRBUF_INIT;
|
|
const char *colon = memchr(url, ':', len);
|
|
|
|
/* Skip protocol part if present */
|
|
if (colon && url < colon) {
|
|
strbuf_add(&out, url, colon - url);
|
|
len -= colon - url;
|
|
url = colon;
|
|
}
|
|
return url_decode_internal(&url, len, NULL, &out, 0);
|
|
}
|
|
|
|
char *url_decode_parameter_name(const char **query)
|
|
{
|
|
struct strbuf out = STRBUF_INIT;
|
|
return url_decode_internal(query, -1, "&=", &out, 1);
|
|
}
|
|
|
|
char *url_decode_parameter_value(const char **query)
|
|
{
|
|
struct strbuf out = STRBUF_INIT;
|
|
return url_decode_internal(query, -1, "&", &out, 1);
|
|
}
|
|
|
|
void end_url_with_slash(struct strbuf *buf, const char *url)
|
|
{
|
|
strbuf_addstr(buf, url);
|
|
strbuf_complete(buf, '/');
|
|
}
|
|
|
|
void str_end_url_with_slash(const char *url, char **dest)
|
|
{
|
|
struct strbuf buf = STRBUF_INIT;
|
|
end_url_with_slash(&buf, url);
|
|
free(*dest);
|
|
*dest = strbuf_detach(&buf, NULL);
|
|
}
|