Home | History | Annotate | Download | only in lib
      1 /***************************************************************************
      2  *                                  _   _ ____  _
      3  *  Project                     ___| | | |  _ \| |
      4  *                             / __| | | | |_) | |
      5  *                            | (__| |_| |  _ <| |___
      6  *                             \___|\___/|_| \_\_____|
      7  *
      8  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel (at) haxx.se>, et al.
      9  *
     10  * This software is licensed as described in the file COPYING, which
     11  * you should have received as part of this distribution. The terms
     12  * are also available at https://curl.haxx.se/docs/copyright.html.
     13  *
     14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
     15  * copies of the Software, and permit persons to whom the Software is
     16  * furnished to do so, under the terms of the COPYING file.
     17  *
     18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     19  * KIND, either express or implied.
     20  *
     21  ***************************************************************************/
     22 
     23 #include "curl_setup.h"
     24 
     25 #include <curl/curl.h>
     26 
     27 #include "dotdot.h"
     28 #include "curl_memory.h"
     29 
     30 /* The last #include file should be: */
     31 #include "memdebug.h"
     32 
     33 /*
     34  * "Remove Dot Segments"
     35  * https://tools.ietf.org/html/rfc3986#section-5.2.4
     36  */
     37 
     38 /*
     39  * Curl_dedotdotify()
     40  * @unittest: 1395
     41  *
     42  * This function gets a zero-terminated path with dot and dotdot sequences
     43  * passed in and strips them off according to the rules in RFC 3986 section
     44  * 5.2.4.
     45  *
     46  * The function handles a query part ('?' + stuff) appended but it expects
     47  * that fragments ('#' + stuff) have already been cut off.
     48  *
     49  * RETURNS
     50  *
     51  * an allocated dedotdotified output string
     52  */
     53 char *Curl_dedotdotify(const char *input)
     54 {
     55   size_t inlen = strlen(input);
     56   char *clone;
     57   size_t clen = inlen; /* the length of the cloned input */
     58   char *out = malloc(inlen+1);
     59   char *outptr;
     60   char *orgclone;
     61   char *queryp;
     62   if(!out)
     63     return NULL; /* out of memory */
     64 
     65   /* get a cloned copy of the input */
     66   clone = strdup(input);
     67   if(!clone) {
     68     free(out);
     69     return NULL;
     70   }
     71   orgclone = clone;
     72   outptr = out;
     73 
     74   if(!*clone) {
     75     /* zero length string, return that */
     76     free(out);
     77     return clone;
     78   }
     79 
     80   /*
     81    * To handle query-parts properly, we must find it and remove it during the
     82    * dotdot-operation and then append it again at the end to the output
     83    * string.
     84    */
     85   queryp = strchr(clone, '?');
     86   if(queryp)
     87     *queryp = 0;
     88 
     89   do {
     90 
     91     /*  A.  If the input buffer begins with a prefix of "../" or "./", then
     92         remove that prefix from the input buffer; otherwise, */
     93 
     94     if(!strncmp("./", clone, 2)) {
     95       clone+=2;
     96       clen-=2;
     97     }
     98     else if(!strncmp("../", clone, 3)) {
     99       clone+=3;
    100       clen-=3;
    101     }
    102 
    103     /*  B.  if the input buffer begins with a prefix of "/./" or "/.", where
    104         "."  is a complete path segment, then replace that prefix with "/" in
    105         the input buffer; otherwise, */
    106     else if(!strncmp("/./", clone, 3)) {
    107       clone+=2;
    108       clen-=2;
    109     }
    110     else if(!strcmp("/.", clone)) {
    111       clone[1]='/';
    112       clone++;
    113       clen-=1;
    114     }
    115 
    116     /*  C.  if the input buffer begins with a prefix of "/../" or "/..", where
    117         ".." is a complete path segment, then replace that prefix with "/" in
    118         the input buffer and remove the last segment and its preceding "/" (if
    119         any) from the output buffer; otherwise, */
    120 
    121     else if(!strncmp("/../", clone, 4)) {
    122       clone+=3;
    123       clen-=3;
    124       /* remove the last segment from the output buffer */
    125       while(outptr > out) {
    126         outptr--;
    127         if(*outptr == '/')
    128           break;
    129       }
    130       *outptr = 0; /* zero-terminate where it stops */
    131     }
    132     else if(!strcmp("/..", clone)) {
    133       clone[2]='/';
    134       clone+=2;
    135       clen-=2;
    136       /* remove the last segment from the output buffer */
    137       while(outptr > out) {
    138         outptr--;
    139         if(*outptr == '/')
    140           break;
    141       }
    142       *outptr = 0; /* zero-terminate where it stops */
    143     }
    144 
    145     /*  D.  if the input buffer consists only of "." or "..", then remove
    146         that from the input buffer; otherwise, */
    147 
    148     else if(!strcmp(".", clone) || !strcmp("..", clone)) {
    149       *clone=0;
    150     }
    151 
    152     else {
    153       /*  E.  move the first path segment in the input buffer to the end of
    154           the output buffer, including the initial "/" character (if any) and
    155           any subsequent characters up to, but not including, the next "/"
    156           character or the end of the input buffer. */
    157 
    158       do {
    159         *outptr++ = *clone++;
    160         clen--;
    161       } while(*clone && (*clone != '/'));
    162       *outptr = 0;
    163     }
    164 
    165   } while(*clone);
    166 
    167   if(queryp) {
    168     size_t qlen;
    169     /* There was a query part, append that to the output. The 'clone' string
    170        may now have been altered so we copy from the original input string
    171        from the correct index. */
    172     size_t oindex = queryp - orgclone;
    173     qlen = strlen(&input[oindex]);
    174     memcpy(outptr, &input[oindex], qlen+1); /* include the ending zero byte */
    175   }
    176 
    177   free(orgclone);
    178   return out;
    179 }
    180