dotdot.c 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #include <curl/curl.h>
  24. #include "dotdot.h"
  25. #include "curl_memory.h"
  26. /* The last #include file should be: */
  27. #include "memdebug.h"
  28. /*
  29. * "Remove Dot Segments"
  30. * https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4
  31. */
  32. /*
  33. * Curl_dedotdotify()
  34. * @unittest: 1395
  35. *
  36. * This function gets a null-terminated path with dot and dotdot sequences
  37. * passed in and strips them off according to the rules in RFC 3986 section
  38. * 5.2.4.
  39. *
  40. * The function handles a query part ('?' + stuff) appended but it expects
  41. * that fragments ('#' + stuff) have already been cut off.
  42. *
  43. * RETURNS
  44. *
  45. * an allocated dedotdotified output string
  46. */
  47. char *Curl_dedotdotify(const char *input)
  48. {
  49. size_t inlen = strlen(input);
  50. char *clone;
  51. size_t clen = inlen; /* the length of the cloned input */
  52. char *out = malloc(inlen + 1);
  53. char *outptr;
  54. char *orgclone;
  55. char *queryp;
  56. if(!out)
  57. return NULL; /* out of memory */
  58. *out = 0; /* null-terminates, for inputs like "./" */
  59. /* get a cloned copy of the input */
  60. clone = strdup(input);
  61. if(!clone) {
  62. free(out);
  63. return NULL;
  64. }
  65. orgclone = clone;
  66. outptr = out;
  67. if(!*clone) {
  68. /* zero length string, return that */
  69. free(out);
  70. return clone;
  71. }
  72. /*
  73. * To handle query-parts properly, we must find it and remove it during the
  74. * dotdot-operation and then append it again at the end to the output
  75. * string.
  76. */
  77. queryp = strchr(clone, '?');
  78. if(queryp)
  79. *queryp = 0;
  80. do {
  81. /* A. If the input buffer begins with a prefix of "../" or "./", then
  82. remove that prefix from the input buffer; otherwise, */
  83. if(!strncmp("./", clone, 2)) {
  84. clone += 2;
  85. clen -= 2;
  86. }
  87. else if(!strncmp("../", clone, 3)) {
  88. clone += 3;
  89. clen -= 3;
  90. }
  91. /* B. if the input buffer begins with a prefix of "/./" or "/.", where
  92. "." is a complete path segment, then replace that prefix with "/" in
  93. the input buffer; otherwise, */
  94. else if(!strncmp("/./", clone, 3)) {
  95. clone += 2;
  96. clen -= 2;
  97. }
  98. else if(!strcmp("/.", clone)) {
  99. clone[1]='/';
  100. clone++;
  101. clen -= 1;
  102. }
  103. /* C. if the input buffer begins with a prefix of "/../" or "/..", where
  104. ".." is a complete path segment, then replace that prefix with "/" in
  105. the input buffer and remove the last segment and its preceding "/" (if
  106. any) from the output buffer; otherwise, */
  107. else if(!strncmp("/../", clone, 4)) {
  108. clone += 3;
  109. clen -= 3;
  110. /* remove the last segment from the output buffer */
  111. while(outptr > out) {
  112. outptr--;
  113. if(*outptr == '/')
  114. break;
  115. }
  116. *outptr = 0; /* null-terminate where it stops */
  117. }
  118. else if(!strcmp("/..", clone)) {
  119. clone[2]='/';
  120. clone += 2;
  121. clen -= 2;
  122. /* remove the last segment from the output buffer */
  123. while(outptr > out) {
  124. outptr--;
  125. if(*outptr == '/')
  126. break;
  127. }
  128. *outptr = 0; /* null-terminate where it stops */
  129. }
  130. /* D. if the input buffer consists only of "." or "..", then remove
  131. that from the input buffer; otherwise, */
  132. else if(!strcmp(".", clone) || !strcmp("..", clone)) {
  133. *clone = 0;
  134. *out = 0;
  135. }
  136. else {
  137. /* E. move the first path segment in the input buffer to the end of
  138. the output buffer, including the initial "/" character (if any) and
  139. any subsequent characters up to, but not including, the next "/"
  140. character or the end of the input buffer. */
  141. do {
  142. *outptr++ = *clone++;
  143. clen--;
  144. } while(*clone && (*clone != '/'));
  145. *outptr = 0;
  146. }
  147. } while(*clone);
  148. if(queryp) {
  149. size_t qlen;
  150. /* There was a query part, append that to the output. The 'clone' string
  151. may now have been altered so we copy from the original input string
  152. from the correct index. */
  153. size_t oindex = queryp - orgclone;
  154. qlen = strlen(&input[oindex]);
  155. memcpy(outptr, &input[oindex], qlen + 1); /* include the end zero byte */
  156. }
  157. free(orgclone);
  158. return out;
  159. }