diff --git a/libmpdemux/http.c b/libmpdemux/http.c index 2368592f1f..f92aecf748 100644 --- a/libmpdemux/http.c +++ b/libmpdemux/http.c @@ -175,12 +175,12 @@ http_build_request( HTTP_header_t *http_hdr ) { if( http_hdr->method==NULL ) http_set_method( http_hdr, "GET"); if( http_hdr->uri==NULL ) http_set_uri( http_hdr, "/"); else { - uri = (char*)malloc((strlen(http_hdr->uri)*3) + 1); + uri = (char*)malloc(strlen(http_hdr->uri) + 1); if( uri==NULL ) { mp_msg(MSGT_NETWORK,MSGL_ERR,"Memory allocation failed\n"); return NULL; } - url_escape_string( uri, http_hdr->uri ); + strcpy(uri,http_hdr->uri); } //**** Compute the request length diff --git a/libmpdemux/open.c b/libmpdemux/open.c index 641dcbeb4b..5bf5b86a25 100644 --- a/libmpdemux/open.c +++ b/libmpdemux/open.c @@ -113,7 +113,6 @@ static void smb_auth_fn(const char *server, const char *share, stream_t* open_stream(char* filename,char** options, int* file_format){ stream_t* stream=NULL; -char *escfilename=NULL; int f=-1; off_t len; @@ -486,11 +485,7 @@ if(strncmp("dvd://",filename,6) == 0){ strncmp("vcd://", filename, 6) && strncmp("dvb://", filename, 6) && strncmp("cdda://", filename, 7) && strncmp("cddb://", filename, 7) && strstr(filename, "://")) { - //fix filenames with special characters - escfilename = malloc(strlen(filename)*4); - url_escape_string(escfilename,filename); - mp_msg(MSGT_OPEN,MSGL_V,"Filename for url is now %s\n",escfilename); - url = url_new(escfilename); + url = url_new(filename); } if(url) { if (strcmp(url->protocol, "smb")==0){ diff --git a/libmpdemux/url.c b/libmpdemux/url.c index 13fbc5104a..d6303f32ab 100644 --- a/libmpdemux/url.c +++ b/libmpdemux/url.c @@ -8,6 +8,7 @@ #include #include #include +#include #include "url.h" #include "mp_msg.h" @@ -16,33 +17,58 @@ URL_t* url_new(const char* url) { int pos1, pos2,v6addr = 0; URL_t* Curl; + char *escfilename=NULL; + char *unescfilename=NULL; char *ptr1=NULL, *ptr2=NULL, *ptr3=NULL, *ptr4=NULL; int jumpSize = 3; if( url==NULL ) return NULL; + // Create temp filename space + unescfilename=malloc(strlen(url)+1); + if (!unescfilename ) { + mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n"); + return NULL; + } + escfilename=malloc(strlen(url)*3+1); + if (!escfilename ) { + free(unescfilename); + mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n"); + return NULL; + } + // Create the URL container Curl = (URL_t*)malloc(sizeof(URL_t)); if( Curl==NULL ) { mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n"); + if (unescfilename) free(unescfilename); + if (escfilename) free(escfilename); return NULL; } + // Initialisation of the URL container members memset( Curl, 0, sizeof(URL_t) ); + //create unescaped/escaped versions of url + url_unescape_string(unescfilename,url); // this is to prevent us from escaping an unescaped string + // violating RFC 2396 + url_escape_string(escfilename,unescfilename); + free(unescfilename); + // Copy the url in the URL container - Curl->url = strdup(url); + Curl->url = strdup(escfilename); if( Curl->url==NULL ) { mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n"); url_free(Curl); return NULL; } + mp_msg(MSGT_OPEN,MSGL_V,"Filename for url is now %s\n",escfilename); // extract the protocol - ptr1 = strstr(url, "://"); + ptr1 = strstr(escfilename, "://"); if( ptr1==NULL ) { // Check for a special case: "sip:" (without "//"): - if (strstr(url, "sip:") == url) { + if (strstr(escfilename, "sip:") == escfilename) { ptr1 = (char *)&url[3]; // points to ':' jumpSize = 1; } else { @@ -51,9 +77,9 @@ url_new(const char* url) { return NULL; } } - pos1 = ptr1-url; + pos1 = ptr1-escfilename; Curl->protocol = (char*)malloc(pos1+1); - strncpy(Curl->protocol, url, pos1); + strncpy(Curl->protocol, escfilename, pos1); if( Curl->protocol==NULL ) { mp_msg(MSGT_NETWORK,MSGL_FATAL,"Memory allocation failed!\n"); url_free(Curl); @@ -99,7 +125,7 @@ url_new(const char* url) { Curl->password[len2]='\0'; } ptr1 = ptr2+1; - pos1 = ptr1-url; + pos1 = ptr1-escfilename; } // before looking for a port number check if we have an IPv6 type numeric address @@ -129,16 +155,16 @@ url_new(const char* url) { if( ptr3==NULL ) { // No path/filename // So we have an URL like http://www.hostname.com - pos2 = strlen(url); + pos2 = strlen(escfilename); } else { // We have an URL like http://www.hostname.com/file.txt - pos2 = ptr3-url; + pos2 = ptr3-escfilename; } } else { // We have an URL beginning like http://www.hostname.com:1212 // Get the port number Curl->port = atoi(ptr2+1); - pos2 = ptr2-url; + pos2 = ptr2-escfilename; } if( v6addr ) pos2--; // copy the hostname in the URL container @@ -177,6 +203,7 @@ url_new(const char* url) { strcpy(Curl->file, "/"); } + free(escfilename); return Curl; } @@ -195,16 +222,16 @@ url_free(URL_t* url) { /* Replace escape sequences in an URL (or a part of an URL) */ /* works like strcpy(), but without return argument */ -/* unescape_url_string comes from ASFRecorder */ void url_unescape_string(char *outbuf, const char *inbuf) { - unsigned char c; - do { - c = *inbuf++; - if (c == '%') { - unsigned char c1 = *inbuf++; - unsigned char c2 = *inbuf++; + unsigned char c,c1,c2; + int i,len=strlen(inbuf); + for (i=0;i='0' && c1<='9') || (c1>='A' && c1<='F')) && ((c2>='0' && c2<='9') || (c2>='A' && c2<='F')) ) { if (c1>='0' && c1<='9') c1-='0'; @@ -212,20 +239,29 @@ url_unescape_string(char *outbuf, const char *inbuf) if (c2>='0' && c2<='9') c2-='0'; else c2-='A'-10; c = (c1<<4) + c2; + i=i+2; //only skip next 2 chars if valid esc } } *outbuf++ = c; - } while (c != '\0'); + } + *outbuf++='\0'; //add nullterm to string } /* Replace specific characters in the URL string by an escape sequence */ /* works like strcpy(), but without return argument */ -/* escape_url_string comes from ASFRecorder */ void url_escape_string(char *outbuf, const char *inbuf) { - unsigned char c; - do { - c = *inbuf++; + unsigned char c,c1,c2; + int i,len=strlen(inbuf); + + for (i=0;i= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || @@ -234,12 +270,21 @@ url_escape_string(char *outbuf, const char *inbuf) { c=='*' || c=='\'' || c=='(' || c==')' || /* do not touch escape character */ c==';' || c=='/' || c=='?' || c==':' || c=='@' || /* reserved characters */ c=='&' || c=='=' || c=='+' || c=='$' || c==',' || /* see RFC 2396 */ - c=='\0' ) { + c=='\0' ) { /* string term char */ *outbuf++ = c; + } else if ( c=='%' && ((c1 >= '0' && c1 <= '9') || (c1 >= 'A' && c1 <= 'F')) && + ((c2 >= '0' && c2 <= '9') || (c2 >= 'A' && c2 <= 'F'))) { + // check if part of an escape sequence + *outbuf++=c; // already + + // dont escape again + mp_msg(MSGT_NETWORK,MSGL_ERR,"string appears to be already escaped in url_escape %c%c1%c2\n",c,c1,c2); + // error as this should not happen against RFC 2396 + // to escape a string twice } else { /* all others will be escaped */ - unsigned char c1 = ((c & 0xf0) >> 4); - unsigned char c2 = (c & 0x0f); + c1 = ((c & 0xf0) >> 4); + c2 = (c & 0x0f); if (c1 < 10) c1+='0'; else c1+='A'-10; if (c2 < 10) c2+='0'; @@ -248,7 +293,8 @@ url_escape_string(char *outbuf, const char *inbuf) { *outbuf++ = c1; *outbuf++ = c2; } - } while (c != '\0'); + } + *outbuf++='\0'; } #ifdef __URL_DEBUG