From dd1061b6a79b0161597799e825bfefc27993ace5 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Sun, 11 Sep 2011 21:04:02 +0200
Subject: wget: URL-decode user:password before base64-encoding it into auth
 hdr. Closes 3625.

function                                             old     new   delta
percent_decode_in_place                                -     152    +152
parse_url                                            304     317     +13
handle_incoming_and_exit                            2795    2798      +3
httpd_main                                           763     760      -3
decodeString                                         152       -    -152
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 2/1 up/down: 168/-155)           Total: 13 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 libbb/percent_decode.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 libbb/percent_decode.c

(limited to 'libbb')

diff --git a/libbb/percent_decode.c b/libbb/percent_decode.c
new file mode 100644
index 0000000..9a9d80c
--- /dev/null
+++ b/libbb/percent_decode.c
@@ -0,0 +1,69 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
+ */
+
+//kbuild:lib-y += percent_decode.o
+
+#include "libbb.h"
+
+static unsigned hex_to_bin(unsigned char c)
+{
+	unsigned v;
+
+	v = c - '0';
+	if (v <= 9)
+		return v;
+	/* c | 0x20: letters to lower case, non-letters
+	 * to (potentially different) non-letters */
+	v = (unsigned)(c | 0x20) - 'a';
+	if (v <= 5)
+		return v + 10;
+	return ~0;
+/* For testing:
+void t(char c) { printf("'%c'(%u) %u\n", c, c, hex_to_bin(c)); }
+int main() { t(0x10); t(0x20); t('0'); t('9'); t('A'); t('F'); t('a'); t('f');
+t('0'-1); t('9'+1); t('A'-1); t('F'+1); t('a'-1); t('f'+1); return 0; }
+*/
+}
+
+char* FAST_FUNC percent_decode_in_place(char *str, int strict)
+{
+	/* note that decoded string is always shorter than original */
+	char *src = str;
+	char *dst = str;
+	char c;
+
+	while ((c = *src++) != '\0') {
+		unsigned v;
+
+		if (!strict && c == '+') {
+			*dst++ = ' ';
+			continue;
+		}
+		if (c != '%') {
+			*dst++ = c;
+			continue;
+		}
+		v = hex_to_bin(src[0]);
+		if (v > 15) {
+ bad_hex:
+			if (strict)
+				return NULL;
+			*dst++ = '%';
+			continue;
+		}
+		v = (v * 16) | hex_to_bin(src[1]);
+		if (v > 255)
+			goto bad_hex;
+		if (strict && (v == '/' || v == '\0')) {
+			/* caller takes it as indication of invalid
+			 * (dangerous wrt exploits) chars */
+			return str + 1;
+		}
+		*dst++ = v;
+		src += 2;
+	}
+	*dst = '\0';
+	return str;
+}
-- 
cgit v1.1