From: Christophe CURIS <[email protected]>
The internal function 'unescapestr' is used to transform strings which
may contain escape sequences (\x) into their plain representation.
There are a few cases where the function can misbehave (typically parse
after the end of string, thus writing past the end of the reserved
result area) which can be a source of problems later. The new code
should be safer.
---
WINGs/proplist.c | 39 ++++++++++++++++++++++++++++-----------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/WINGs/proplist.c b/WINGs/proplist.c
index 1243354..bb5e057 100644
--- a/WINGs/proplist.c
+++ b/WINGs/proplist.c
@@ -508,16 +508,33 @@ static char *unescapestr(const char *src)
char *dPtr;
char ch;
- for (dPtr = dest; *src; src++, dPtr++) {
- if (*src != '\\') {
- *dPtr = *src;
- } else {
- ch = *(++src);
- if ((ch >= '0') && (ch <= '3')) {
- /* assume next 2 chars are octal too */
- *dPtr = ((ch & 07) << 6);
- *dPtr |= ((*(++src) & 07) << 3);
- *dPtr |= *(++src) & 07;
+ for (dPtr = dest; ; dPtr++) {
+ ch = *src++;
+ if (ch == '\0')
+ break;
+ else if (ch != '\\')
+ *dPtr = ch;
+ else {
+ ch = *(src++);
+ if (ch == '\0') {
+ *dPtr = '\\';
+ break;
+ } else if ((ch >= '0') && (ch <= '7')) {
+ char wch;
+
+ /* Convert octal number to character */
+ wch = (ch & 07);
+ ch = *src;
+ if ((ch >= '0') && (ch <= '7')) {
+ src++;
+ wch = (wch << 3) | (ch & 07);
+ ch = *src;
+ if ((ch >= '0') && (ch <= '7')) {
+ src++;
+ wch = (wch << 3) | (ch & 07);
+ }
+ }
+ *dPtr = wch;
} else {
switch (ch) {
case 'a':
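Review bot: The widened octal branch now accepts a first digit up to `'7'` (previously `'3'`), so a three-digit escape can exceed 0377 and `wch = (wch << 3) | (ch & 07)` no longer fits the plain `char wch`, leaving the stored byte implementation-defined; declaring `unsigned char wch;` and guarding the third digit with `if ((wch <= 037) && (ch >= '0') && (ch <= '7'))` keeps the value within one byte. An escape that evaluates to zero (`\0`, `\000`) also stores a NUL in the middle of dest, which silently truncates the result for any caller treating it as a C string, so that case deserves at least a comment. In the trailing-backslash case, `*dPtr = '\\'; break;` leaves the loop without advancing dPtr, so if the code after the loop terminates the string at dPtr (not visible here) the backslash is overwritten; `*dPtr++ = '\\';` would keep it, assuming dest is sized for strlen(src) + 1. The function's start, the allocation of dest and the code after the loop all lie outside this hunk.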
@@ -542,7 +559,7 @@ static char *unescapestr(const char *src)
*dPtr = '\f';
break;
default:
- *dPtr = *src;
+ *dPtr = ch;
}
}
}
--
1.7.10.4