* \param target output string
* \param strbuf input string
*/
-void jsesc(char *target, char *strbuf)
+void jsesc(char *target, size_t tlen, char *strbuf)
{
- int a, len;
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
target[0]='\0';
len = strlen (strbuf);
- for (a = 0; a < len; ++a) {
- if (strbuf[a] == '<')
- strcat(target, "[");
- else if (strbuf[a] == '>')
- strcat(target, "]");
- else if (strbuf[a] == '\"')
- strcat(target, """);
- else if (strbuf[a] == '&')
- strcat(target, "&;");
- else if (strbuf[a] == '\'')
- strcat(target, "\\'");
- else {
- strncat(target, &strbuf[a], 1);
+ send = strbuf + len;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '<')
+ *tptr = '[';
+ else if (*sptr == '>')
+ *tptr = ']';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 3)
+ return;
+ *(tptr++) = '\\';
+ *tptr = '\'';
}
+ else if (*sptr == '"') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'q';
+ *(tptr++) = 'u';
+ *(tptr++) = 'o';
+ *(tptr++) = 't';
+ *tptr = ';';
+ }
+ else if (*sptr == '&') {
+ if (tend - tptr < 7)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'a';
+ *(tptr++) = 'm';
+ *(tptr++) = 'p';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
+ }
+ tptr++; sptr++;
}
+ *tptr = '\0';
}
/**
{
char outbuf[SIZ];
- jsesc(outbuf, strbuf);
+ jsesc(outbuf, SIZ, strbuf);
wprintf("%s", outbuf);
}
* \param target target buffer
* \param strbuf source buffer
*/
-void msgesc(char *target, char *strbuf)
+void msgesc(char *target, size_t tlen, char *strbuf)
{
- int a, len;
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
- *target='\0';
- len = strlen(strbuf);
- for (a = 0; a < len; ++a) {
- if (strbuf[a] == '\n')
- strcat(target, " ");
- else if (strbuf[a] == '\r')
- strcat(target, " ");
- else if (strbuf[a] == '\'')
- strcat(target, "'");
- else {
- strncat(target, &strbuf[a], 1);
+ target[0]='\0';
+ len = strlen (strbuf);
+ send = strbuf + len;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '\n')
+ *tptr = ' ';
+ else if (*sptr == '\r')
+ *tptr = ' ';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = '#';
+ *(tptr++) = '3';
+ *(tptr++) = '9';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
}
+ tptr++; sptr++;
}
+ *tptr = '\0';
}
/**
buflen = 3 * strlen(strbuf) + SIZ;
outbuf = malloc( buflen);
outbuf2 = malloc( buflen);
- msgesc(outbuf, strbuf);
+ msgesc(outbuf, buflen, strbuf);
stresc(outbuf2, buflen, outbuf, 0, 0);
wprintf("%s", outbuf2);
free(outbuf);
*/
void msgescputs(char *strbuf) {
char *outbuf;
+ size_t len;
if (strbuf == NULL) return;
- outbuf = malloc( (3 * strlen(strbuf)) + SIZ);
- msgesc(outbuf, strbuf);
+ len = (3 * strlen(strbuf)) + SIZ;
+ outbuf = malloc(len);
+ msgesc(outbuf, len, strbuf);
wprintf("%s", outbuf);
free(outbuf);
}
);
}
- stuff_to_cookie(cookie, WC->wc_session, WC->wc_username,
+ stuff_to_cookie(cookie, 1024, WC->wc_session, WC->wc_username,
WC->wc_password, WC->wc_roomname);
if (unset_cookies) {
/** If we can send the data out compressed, please do so. */
if (WC->gzip_ok) {
char *compressed_data = NULL;
- uLongf compressed_len;
+ size_t compressed_len;
- compressed_len = (uLongf) ((length * 101) / 100) + 100;
+ compressed_len = ((length * 101) / 100) + 100;
compressed_data = malloc(compressed_len);
if (compress_gzip((Bytef *) compressed_data,
wprintf("HTTP/1.1 404 Security check failed\r\n");
wprintf("Content-Type: text/plain\r\n");
wprintf("\r\n");
- wprintf("Security check failed.\r\n");
+ wprintf("You have sent a malformed or invalid request.\r\n");
}
goto SKIP_ALL_THIS_CRAP; /* Don't try to connect */
}