Alex Fishman reported a curl_easy_escape() problem that was made the

function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a signed / unsigned mistake in the code. I fixed it and added test case 543 to verify.

Alex Fishman reported a curl_easy_escape() problem that was made the
function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a signed / unsigned mistake in the code. I fixed it and added test case 543 to verify.
ec08e2f9 · Daniel Stenberg · 38dd0ede · ec08e2f9 · ec08e2f9 · ec08e2f9
Commit ec08e2f9 authored 17 years ago by Daniel Stenberg
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@

                                  Changelog

+Daniel S (1 October 2007)
+- Alex Fishman reported a curl_easy_escape() problem that was made the
+  function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
+  signed / unsigned mistake in the code. I fixed it and added test case 543 to
+  verify.
+
 Daniel S (29 September 2007)
 - Immanuel Gregoire fixed a problem with persistent transfers over SFTP.


--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -27,7 +27,8 @@ This release includes the following bugfixes:
 o --ftp-method nocwd on directory listings
 o FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE
   before SIZE
- o persistent transfers over SFTP
+ o re-used handle transfers with SFTP
+ o curl_easy_escape() problem with byte values >= 128

 This release includes the following known bugs:

@@ -45,6 +46,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:

 Dan Fandrich, Michal Marek, Gnter Knauf, Rob Crittenden, Immanuel Gregoire,
- Mark Davies, Max Katsev, Philip Langdale
+ Mark Davies, Max Katsev, Philip Langdale, Alex Fishman
 
        Thanks! (and sorry if I forgot to mention someone)
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -59,7 +59,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
  size_t alloc = (inlength?(size_t)inlength:strlen(string))+1;
  char *ns;
  char *testing_ptr = NULL;
-  char in;
+  unsigned char in; /* we need to treat the characters unsigned */
  size_t newlen = alloc;
  int strindex=0;
  size_t length;

--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -44,4 +44,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
 test409 test613 test614 test700 test701 test702 test704 test705 test703   \
 test706 test707 test350 test351 test352 test353 test289 test540 test354   \
 test231 test1000 test1001 test1002 test1003 test1004 test1005 test1006    \
- test615 test1007 test541 test1010 test1011 test1012
+ test615 test1007 test541 test1010 test1011 test1012 test542 test543
--- a/tests/data/test543
+++ b/tests/data/test543
+<testcase>
+<info>
+<keywords>
+curl_easy_escape
+</keywords>
+</info>
+# Server-side
+
+# Client-side
+<client>
+<server>
+none
+</server>
+<tool>
+lib543
+</tool>
+ <name>
+curl_easy_escape
+ </name>
+ <command>
+-
+</command>
+
+</client>
+
+# Verify data after the test has been "shot"
+#
+# There's no MTDM in the protocol here since this code doesn't ask for the
+# time/date of the file
+<verify>
+<stdout>
+%9C%26K%3DI%04%A1%01%E0%D8%7C%20%B7%EFS%29%FA%1DW%E1
+</stdout>
+</verify>
+</testcase>
--- a/tests/libtest/Makefile.am
+++ b/tests/libtest/Makefile.am
@@ -47,7 +47,7 @@ SUPPORTFILES = first.c test.h
 noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506	\
  lib507 lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516	\
  lib517 lib518 lib519 lib520 lib521 lib523 lib524 lib525 lib526 lib527	\
-  lib529 lib530 lib532 lib533 lib536 lib537 lib540 lib541 lib542
+  lib529 lib530 lib532 lib533 lib536 lib537 lib540 lib541 lib542 lib543

 # Dependencies (may need to be overriden)
 LDADD = $(LIBDIR)/libcurl.la
@@ -130,3 +130,5 @@ lib540_SOURCES = lib540.c $(SUPPORTFILES)
 lib541_SOURCES = lib541.c $(SUPPORTFILES)

 lib542_SOURCES = lib542.c $(SUPPORTFILES)
+
+lib543_SOURCES = lib543.c $(SUPPORTFILES)
--- a/tests/libtest/lib543.c
+++ b/tests/libtest/lib543.c
+/*****************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * $Id$
+ *
+ * Based on Alex Fishman's bug report on September 30, 2007
+ */
+
+#include "setup.h"
+#include "test.h"
+
+int test(char *URL)
+{
+  unsigned char a[] = {0x9c, 0x26, 0x4b, 0x3d, 0x49, 0x4, 0xa1, 0x1,
+                       0xe0, 0xd8, 0x7c,  0x20, 0xb7, 0xef, 0x53, 0x29, 0xfa,
+                       0x1d, 0x57, 0xe1};
+
+  CURL* easy  = curl_easy_init();
+  char* s = curl_easy_escape(easy, (char*)a, sizeof(a));
+  (void)URL;
+
+  printf("%s\n", s);
+
+  curl_free(s);
+  curl_easy_cleanup(easy);
+
+  return 0;
+}