[hackers] [sbase] Add \e, \", \' and hex-escapes (\xH[H]) to unescape() || FRIGN
commit fa52e0f128f4561e8fc26942dafec1d9a3376368
Author: FRIGN <dev_AT_frign.de>
Date: Sat Feb 14 22:54:18 2015 +0100
Add \e, \", \' and hex-escapes (\xH[H]) to unescape()
So the users control the program, and the program doesn't
control the users.
diff --git a/libutil/unescape.c b/libutil/unescape.c
index 7f5c41f..bf29230 100644
--- a/libutil/unescape.c
+++ b/libutil/unescape.c
_AT_@ -17,13 +17,37 @@ unescape(char *s)
switch (s[i + 1]) {
case '\\': s[i] = '\\'; off++; break;
+ case '\'': s[i] = '\'', off++; break;
+ case '"': s[i] = '"', off++; break;
case 'a': s[i] = '\a'; off++; break;
case 'b': s[i] = '\b'; off++; break;
+ case 'e': s[i] = 033; off++; break;
case 'f': s[i] = '\f'; off++; break;
case 'n': s[i] = '\n'; off++; break;
case 'r': s[i] = '\r'; off++; break;
case 't': s[i] = '\t'; off++; break;
case 'v': s[i] = '\v'; off++; break;
+ case 'x':
+ /* "\xH[H]" hexadecimal escape */
+ for (m = i + 2; m < i + 1 + 3 && m < len; m++)
+ if ((s[m] < '0' && s[m] > '9') &&
+ (s[m] < 'A' && s[m] > 'F') &&
+ (s[m] < 'a' && s[m] > 'f'))
+ break;
+ if (m == i + 2)
+ eprintf("%s: invalid escape sequence '\\%c'\n", argv0, s[i + 1]);
+ off += m - i - 1;
+ for (--m, q = 0, factor = 1; m > i + 1; m--) {
+ if (s[m] >= '0' && s[m] <= '9')
+ q += (s[m] - '0') * factor;
+ else if (s[m] >= 'A' && s[m] <= 'F')
+ q += ((s[m] - 'A') + 10) * factor;
+ else if (s[m] >= 'a' && s[m] <= 'f')
+ q += ((s[m] - 'a') + 10) * factor;
+ factor *= 16;
+ }
+ s[i] = q;
+ break;
case '\0':
eprintf("%s: null escape sequence\n", argv0);
default:
Received on Sat Feb 14 2015 - 23:09:23 CET
This archive was generated by hypermail 2.3.0
: Sat Feb 14 2015 - 23:12:09 CET