colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

shared: use nm_utils_buf_utf8safe_unescape() for nm_utils_str_utf8safe_unescape()

Browse Source 
nm_utils_buf_utf8safe_unescape() is almost the same as g_strcompress(),
with the only difference is that if the string contains NUL escapes "\000",
it will be handled correctly.

In other words, g_strcompress() and nm_utils_str_utf8safe_unescape() can only
unescape values, that contain no NUL escapes. That's why we added our
own binary unescape function.

As we already have our g_strcompress() variant, use it. It just gives it more
testing and usage. Also, we have full control over it's behavior. For example,
g_strcompress() issues a g_warning() when encountering a trailing '\\'. I
think this makes it unsuitable to unescape untrusted data. Either the function
should fail, or just make the best of it. Currently, our implementation
does the latter.
This commit is contained in:
Thomas Haller
2018-09-09 16:03:52 +02:00
parent 27e788cce8
commit beec47e70a
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
shared/nm-glib-aux/nm-shared-utils.c
View File

@@ -2264,6 +2264,9 @@ nm_utils_buf_utf8safe_unescape (const char *str, gsize *out_len, gpointer *to_fr
v = v * 8 + (ch - '0'); v = v * 8 + (ch - '0');
ch = (++str)[0]; ch = (++str)[0];
if (ch >= '0' && ch <= '7') { if (ch >= '0' && ch <= '7') {
/* technically, escape sequences larger than \3FF are out of range
* and invalid. We don't check for that, and do the same as
* g_strcompress(): silently clip the value with & 0xFF. */
v = v * 8 + (ch - '0'); v = v * 8 + (ch - '0');
++str; ++str;
} }
@@ -2432,13 +2435,11 @@ nm_utils_buf_utf8safe_escape_bytes (GBytes *bytes, NMUtilsStrUtf8SafeFlags flags
const char * const char *
nm_utils_str_utf8safe_unescape (const char *str, char **to_free) nm_utils_str_utf8safe_unescape (const char *str, char **to_free)
{ {
gsize len;
g_return_val_if_fail (to_free, NULL); g_return_val_if_fail (to_free, NULL);
if (!str || !strchr (str, '\\')) { return nm_utils_buf_utf8safe_unescape (str, &len, (gpointer *) to_free);
*to_free = NULL;
return str;
}
return (*to_free = g_strcompress (str));
} }
/** /**
@@ -2498,7 +2499,10 @@ nm_utils_str_utf8safe_escape_cp (const char *str, NMUtilsStrUtf8SafeFlags flags)
char * char *
nm_utils_str_utf8safe_unescape_cp (const char *str) nm_utils_str_utf8safe_unescape_cp (const char *str)
{ {
return str ? g_strcompress (str) : NULL; char *s;
str = nm_utils_str_utf8safe_unescape (str, &s);
return s ?: g_strdup (str);
} }
char * char *