cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-1810446 ] Bad escaping: wrong assumption that char is unsigned

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 09 Oct 2007 15:54:40 -0700

Bugs item #1810446, was opened at 2007-10-10 02:14
Message generated for change (Comment added) made by orivej
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1810446&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: wrong behaviour
Status: Open
Resolution: Fixed
Priority: 9
Private: No
Submitted By: Orivej Desh (orivej)
Assigned to: Daniel Stenberg (bagder)
Summary: Bad escaping: wrong assumption that char is unsigned

Initial Comment:
curl_easy_escape compiled with recent gcc (4.2.1 built by ArchLinux) works wrong: it replaces all upper half characters with '%FF'.

In curl-7.17.0/lib/escape.c curl_easy_escape on line 123 (snprintf(&ns[strindex], 4, "%%%02X", in);) assumes that char (in) is unsigned. This assumption is wrong.

The simplest patch is to replace 'char in;' with 'unsigned char in;' on line 62.

How to apply attached patch:
cd curl-7.17.0
patch -p1 -i ../signedchar.patch

----------------------------------------------------------------------

>Comment By: Orivej Desh (orivej)
Date: 2007-10-10 02:54

Message:
Logged In: YES
user_id=1885965
Originator: YES

Sorry for not checking cvs. But the last release was long ago and I
thought this is a very important bug because lots of applications use curl
to encode url`s.

----------------------------------------------------------------------

Comment By: Dan Fandrich (dfandrich)
Date: 2007-10-10 02:47

Message:
Logged In: YES
user_id=236775
Originator: NO

This is already fixed in CVS.

----------------------------------------------------------------------

Comment By: Orivej Desh (orivej)
Date: 2007-10-10 02:21

Message:
Logged In: YES
user_id=1885965
Originator: YES

Here is a test that explains why 'snprintf(&ns[strindex], 4, "%%%02X",
in);' works wrong.

#include <stdio.h>
int main()
{
        unsigned char a=0xAC;
        signed char b=0xAC;
        printf("%%%02X\n", a);
        printf("%%%02X\n", b);
        return 0;
}

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1810446&group_id=976
Received on 2007-10-10

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET