Fixing 'escape' problem in winldap query.

Perry Werneck
1 parent ff433330
Showing 3 changed files with 92 additions and 1 deletions Show diff stats
src/core/util.c
src/include/utilc.h
src/ssl/windows/ldap.c
@@ -714,3 +714,83 @@ LIB3270_EXPORT int lib3270_getsockname(H3270 *hSession, struct sockaddr *addr, s
 	return getsockname(hSession->sock, addr, addrlen);
 }
+
+static int xdigit_value(const char scanner)
+{
+
+	if(scanner >= '0' && scanner <= '9') {
+		return scanner - '0';
+	}
+
+	if(scanner >= 'A' && scanner <= 'F') {
+		return 10 + (scanner - 'A');
+	}
+
+	if(scanner >= 'a' && scanner <= 'f') {
+		return 10 + (scanner - 'a');
+	}
+
+	return -1;
+}
+
+static int unescape_character(const char *scanner)
+{
+
+		int first_digit 	= xdigit_value(*scanner++);
+		int second_digit 	= xdigit_value(*scanner++);
+
+		if (first_digit < 0)
+				return -1;
+
+		if (second_digit < 0)
+				return -1;
+
+		return (first_digit << 4) | second_digit;
+
+}
+
+char * lib3270_unescape(const char *text)
+{
+	if(!text)
+		return NULL;
+
+	size_t		  sz = strlen(text);
+	char 		* outString = lib3270_malloc(sz+1);
+	char		* dst = outString;
+	const char	* src = text;
+	char 		* ptr = strchr(src,'%');
+
+	memset(outString,0,sz+1);
+
+	while(ptr)
+	{
+		if(ptr[1] == '%')
+		{
+			src = ptr+2;
+		}
+		else
+		{
+			size_t sz = (ptr - src);
+			memcpy(dst,src,sz);
+			dst += sz;
+
+			int chr = unescape_character(ptr+1);
+			if(chr < 0)
+			{
+				*(dst++) = '?';
+			}
+			else
+			{
+				*(dst++) = (char) chr;
+			}
+
+			src += (sz+3);
+		}
+
+		ptr = strchr(src,'%');
+	}
+
+	strcpy(dst,src);
+
+	return outString;
+}
@@ -59,3 +59,13 @@ LIB3270_INTERNAL void rpf_init(rpf_t *r);
 LIB3270_INTERNAL void rpf_reset(rpf_t *r);
 LIB3270_INTERNAL void rpf(rpf_t *r, char *fmt, ...) LIB3270_GNUC_FORMAT(2, 3);
 LIB3270_INTERNAL void rpf_free(rpf_t *r);
+
+/**
+ * @brief "unescape" text (Replaces %value for corresponding character).
+ *
+ * @param text	Text to convert.
+ *
+ * @return Converted string (release it with g_free).
+ *
+ */
+LIB3270_INTERNAL char * lib3270_unescape(const char *text);
@@ -40,6 +40,7 @@
 #include "private.h"
 #include <winldap.h>
+#include <utilc.h>
 # ifndef LDAP_VENDOR_NAME
 #  error Your Platform SDK is NOT sufficient for LDAP support! \
@@ -94,7 +95,7 @@ X509_CRL * get_crl_using_ldap(H3270 *hSession, SSL_ERROR_MESSAGE * message, cons
 	// Strip query.
-	lib3270_autoptr(char) urldup = strdup(consturl);
+	lib3270_autoptr(char) urldup = lib3270_unescape(consturl);
 	char * url = urldup+7;
 	char * base = strchr(url,'/');
	@@ -714,3 +714,83 @@ LIB3270_EXPORT int lib3270_getsockname(H3270 hSession, struct sockaddr addr, s		@@ -714,3 +714,83 @@ LIB3270_EXPORT int lib3270_getsockname(H3270 hSession, struct sockaddr addr, s
714		714
715	return getsockname(hSession->sock, addr, addrlen);	715	return getsockname(hSession->sock, addr, addrlen);
716	}	716	}
		717	+
		718	+static int xdigit_value(const char scanner)
		719	+{
		720	+
		721	+ if(scanner >= '0' && scanner <= '9') {
		722	+ return scanner - '0';
		723	+ }
		724	+
		725	+ if(scanner >= 'A' && scanner <= 'F') {
		726	+ return 10 + (scanner - 'A');
		727	+ }
		728	+
		729	+ if(scanner >= 'a' && scanner <= 'f') {
		730	+ return 10 + (scanner - 'a');
		731	+ }
		732	+
		733	+ return -1;
		734	+}
		735	+
		736	+static int unescape_character(const char *scanner)
		737	+{
		738	+
		739	+ int first_digit = xdigit_value(*scanner++);
		740	+ int second_digit = xdigit_value(*scanner++);
		741	+
		742	+ if (first_digit < 0)
		743	+ return -1;
		744	+
		745	+ if (second_digit < 0)
		746	+ return -1;
		747	+
		748	+ return (first_digit << 4) \| second_digit;
		749	+
		750	+}
		751	+
		752	+char * lib3270_unescape(const char *text)
		753	+{
		754	+ if(!text)
		755	+ return NULL;
		756	+
		757	+ size_t sz = strlen(text);
		758	+ char * outString = lib3270_malloc(sz+1);
		759	+ char * dst = outString;
		760	+ const char * src = text;
		761	+ char * ptr = strchr(src,'%');
		762	+
		763	+ memset(outString,0,sz+1);
		764	+
		765	+ while(ptr)
		766	+ {
		767	+ if(ptr[1] == '%')
		768	+ {
		769	+ src = ptr+2;
		770	+ }
		771	+ else
		772	+ {
		773	+ size_t sz = (ptr - src);
		774	+ memcpy(dst,src,sz);
		775	+ dst += sz;
		776	+
		777	+ int chr = unescape_character(ptr+1);
		778	+ if(chr < 0)
		779	+ {
		780	+ *(dst++) = '?';
		781	+ }
		782	+ else
		783	+ {
		784	+ *(dst++) = (char) chr;
		785	+ }
		786	+
		787	+ src += (sz+3);
		788	+ }
		789	+
		790	+ ptr = strchr(src,'%');
		791	+ }
		792	+
		793	+ strcpy(dst,src);
		794	+
		795	+ return outString;
		796	+}
	@@ -59,3 +59,13 @@ LIB3270_INTERNAL void rpf_init(rpf_t *r);		@@ -59,3 +59,13 @@ LIB3270_INTERNAL void rpf_init(rpf_t *r);
59	LIB3270_INTERNAL void rpf_reset(rpf_t *r);	59	LIB3270_INTERNAL void rpf_reset(rpf_t *r);
60	LIB3270_INTERNAL void rpf(rpf_t r, char fmt, ...) LIB3270_GNUC_FORMAT(2, 3);	60	LIB3270_INTERNAL void rpf(rpf_t r, char fmt, ...) LIB3270_GNUC_FORMAT(2, 3);
61	LIB3270_INTERNAL void rpf_free(rpf_t *r);	61	LIB3270_INTERNAL void rpf_free(rpf_t *r);
		62	+
		63	+/**
		64	+ * @brief "unescape" text (Replaces %value for corresponding character).
		65	+ *
		66	+ * @param text Text to convert.
		67	+ *
		68	+ * @return Converted string (release it with g_free).
		69	+ *
		70	+ */
		71	+LIB3270_INTERNAL char * lib3270_unescape(const char *text);