| author | Lukas Fleischer <cgit@cryptocrack.de> | 2011-03-30 23:21:39 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2011-05-23 20:58:35 (UTC) |
| commit | 070e109c1413d28b54eb6123a9fd24ac98897554 (patch) (unidiff) | |
| tree | 70f10262cdbc29cb9d083d24c03b1524a3d90ecd /html.c | |
| parent | c9059710e7a1dbd47c22c412e0ba8f591105e3cf (diff) | |
| download | cgit-070e109c1413d28b54eb6123a9fd24ac98897554.zip cgit-070e109c1413d28b54eb6123a9fd24ac98897554.tar.gz cgit-070e109c1413d28b54eb6123a9fd24ac98897554.tar.bz2 | |
Fix memory leak in http_parse_querystring().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | html.c | 5 |
1 files changed, 3 insertions, 2 deletions
| @@ -101,222 +101,223 @@ void html_txt(const char *txt) | |||
| 101 | else if (c=='<') | 101 | else if (c=='<') |
| 102 | html("<"); | 102 | html("<"); |
| 103 | else if (c=='&') | 103 | else if (c=='&') |
| 104 | html("&"); | 104 | html("&"); |
| 105 | txt = t+1; | 105 | txt = t+1; |
| 106 | } | 106 | } |
| 107 | t++; | 107 | t++; |
| 108 | } | 108 | } |
| 109 | if (t!=txt) | 109 | if (t!=txt) |
| 110 | html(txt); | 110 | html(txt); |
| 111 | } | 111 | } |
| 112 | 112 | ||
| 113 | void html_ntxt(int len, const char *txt) | 113 | void html_ntxt(int len, const char *txt) |
| 114 | { | 114 | { |
| 115 | const char *t = txt; | 115 | const char *t = txt; |
| 116 | while(t && *t && len--){ | 116 | while(t && *t && len--){ |
| 117 | int c = *t; | 117 | int c = *t; |
| 118 | if (c=='<' || c=='>' || c=='&') { | 118 | if (c=='<' || c=='>' || c=='&') { |
| 119 | html_raw(txt, t - txt); | 119 | html_raw(txt, t - txt); |
| 120 | if (c=='>') | 120 | if (c=='>') |
| 121 | html(">"); | 121 | html(">"); |
| 122 | else if (c=='<') | 122 | else if (c=='<') |
| 123 | html("<"); | 123 | html("<"); |
| 124 | else if (c=='&') | 124 | else if (c=='&') |
| 125 | html("&"); | 125 | html("&"); |
| 126 | txt = t+1; | 126 | txt = t+1; |
| 127 | } | 127 | } |
| 128 | t++; | 128 | t++; |
| 129 | } | 129 | } |
| 130 | if (t!=txt) | 130 | if (t!=txt) |
| 131 | html_raw(txt, t - txt); | 131 | html_raw(txt, t - txt); |
| 132 | if (len<0) | 132 | if (len<0) |
| 133 | html("..."); | 133 | html("..."); |
| 134 | } | 134 | } |
| 135 | 135 | ||
| 136 | void html_attr(const char *txt) | 136 | void html_attr(const char *txt) |
| 137 | { | 137 | { |
| 138 | const char *t = txt; | 138 | const char *t = txt; |
| 139 | while(t && *t){ | 139 | while(t && *t){ |
| 140 | int c = *t; | 140 | int c = *t; |
| 141 | if (c=='<' || c=='>' || c=='\'' || c=='\"') { | 141 | if (c=='<' || c=='>' || c=='\'' || c=='\"') { |
| 142 | html_raw(txt, t - txt); | 142 | html_raw(txt, t - txt); |
| 143 | if (c=='>') | 143 | if (c=='>') |
| 144 | html(">"); | 144 | html(">"); |
| 145 | else if (c=='<') | 145 | else if (c=='<') |
| 146 | html("<"); | 146 | html("<"); |
| 147 | else if (c=='\'') | 147 | else if (c=='\'') |
| 148 | html("'"); | 148 | html("'"); |
| 149 | else if (c=='"') | 149 | else if (c=='"') |
| 150 | html("""); | 150 | html("""); |
| 151 | txt = t+1; | 151 | txt = t+1; |
| 152 | } | 152 | } |
| 153 | t++; | 153 | t++; |
| 154 | } | 154 | } |
| 155 | if (t!=txt) | 155 | if (t!=txt) |
| 156 | html(txt); | 156 | html(txt); |
| 157 | } | 157 | } |
| 158 | 158 | ||
| 159 | void html_url_path(const char *txt) | 159 | void html_url_path(const char *txt) |
| 160 | { | 160 | { |
| 161 | const char *t = txt; | 161 | const char *t = txt; |
| 162 | while(t && *t){ | 162 | while(t && *t){ |
| 163 | int c = *t; | 163 | int c = *t; |
| 164 | const char *e = url_escape_table[c]; | 164 | const char *e = url_escape_table[c]; |
| 165 | if (e && c!='+' && c!='&') { | 165 | if (e && c!='+' && c!='&') { |
| 166 | html_raw(txt, t - txt); | 166 | html_raw(txt, t - txt); |
| 167 | html(e); | 167 | html(e); |
| 168 | txt = t+1; | 168 | txt = t+1; |
| 169 | } | 169 | } |
| 170 | t++; | 170 | t++; |
| 171 | } | 171 | } |
| 172 | if (t!=txt) | 172 | if (t!=txt) |
| 173 | html(txt); | 173 | html(txt); |
| 174 | } | 174 | } |
| 175 | 175 | ||
| 176 | void html_url_arg(const char *txt) | 176 | void html_url_arg(const char *txt) |
| 177 | { | 177 | { |
| 178 | const char *t = txt; | 178 | const char *t = txt; |
| 179 | while(t && *t){ | 179 | while(t && *t){ |
| 180 | int c = *t; | 180 | int c = *t; |
| 181 | const char *e = url_escape_table[c]; | 181 | const char *e = url_escape_table[c]; |
| 182 | if (c == ' ') | 182 | if (c == ' ') |
| 183 | e = "+"; | 183 | e = "+"; |
| 184 | if (e) { | 184 | if (e) { |
| 185 | html_raw(txt, t - txt); | 185 | html_raw(txt, t - txt); |
| 186 | html(e); | 186 | html(e); |
| 187 | txt = t+1; | 187 | txt = t+1; |
| 188 | } | 188 | } |
| 189 | t++; | 189 | t++; |
| 190 | } | 190 | } |
| 191 | if (t!=txt) | 191 | if (t!=txt) |
| 192 | html(txt); | 192 | html(txt); |
| 193 | } | 193 | } |
| 194 | 194 | ||
| 195 | void html_hidden(const char *name, const char *value) | 195 | void html_hidden(const char *name, const char *value) |
| 196 | { | 196 | { |
| 197 | html("<input type='hidden' name='"); | 197 | html("<input type='hidden' name='"); |
| 198 | html_attr(name); | 198 | html_attr(name); |
| 199 | html("' value='"); | 199 | html("' value='"); |
| 200 | html_attr(value); | 200 | html_attr(value); |
| 201 | html("'/>"); | 201 | html("'/>"); |
| 202 | } | 202 | } |
| 203 | 203 | ||
| 204 | void html_option(const char *value, const char *text, const char *selected_value) | 204 | void html_option(const char *value, const char *text, const char *selected_value) |
| 205 | { | 205 | { |
| 206 | html("<option value='"); | 206 | html("<option value='"); |
| 207 | html_attr(value); | 207 | html_attr(value); |
| 208 | html("'"); | 208 | html("'"); |
| 209 | if (selected_value && !strcmp(selected_value, value)) | 209 | if (selected_value && !strcmp(selected_value, value)) |
| 210 | html(" selected='selected'"); | 210 | html(" selected='selected'"); |
| 211 | html(">"); | 211 | html(">"); |
| 212 | html_txt(text); | 212 | html_txt(text); |
| 213 | html("</option>\n"); | 213 | html("</option>\n"); |
| 214 | } | 214 | } |
| 215 | 215 | ||
| 216 | void html_link_open(const char *url, const char *title, const char *class) | 216 | void html_link_open(const char *url, const char *title, const char *class) |
| 217 | { | 217 | { |
| 218 | html("<a href='"); | 218 | html("<a href='"); |
| 219 | html_attr(url); | 219 | html_attr(url); |
| 220 | if (title) { | 220 | if (title) { |
| 221 | html("' title='"); | 221 | html("' title='"); |
| 222 | html_attr(title); | 222 | html_attr(title); |
| 223 | } | 223 | } |
| 224 | if (class) { | 224 | if (class) { |
| 225 | html("' class='"); | 225 | html("' class='"); |
| 226 | html_attr(class); | 226 | html_attr(class); |
| 227 | } | 227 | } |
| 228 | html("'>"); | 228 | html("'>"); |
| 229 | } | 229 | } |
| 230 | 230 | ||
| 231 | void html_link_close(void) | 231 | void html_link_close(void) |
| 232 | { | 232 | { |
| 233 | html("</a>"); | 233 | html("</a>"); |
| 234 | } | 234 | } |
| 235 | 235 | ||
| 236 | void html_fileperm(unsigned short mode) | 236 | void html_fileperm(unsigned short mode) |
| 237 | { | 237 | { |
| 238 | htmlf("%c%c%c", (mode & 4 ? 'r' : '-'), | 238 | htmlf("%c%c%c", (mode & 4 ? 'r' : '-'), |
| 239 | (mode & 2 ? 'w' : '-'), (mode & 1 ? 'x' : '-')); | 239 | (mode & 2 ? 'w' : '-'), (mode & 1 ? 'x' : '-')); |
| 240 | } | 240 | } |
| 241 | 241 | ||
| 242 | int html_include(const char *filename) | 242 | int html_include(const char *filename) |
| 243 | { | 243 | { |
| 244 | FILE *f; | 244 | FILE *f; |
| 245 | char buf[4096]; | 245 | char buf[4096]; |
| 246 | size_t len; | 246 | size_t len; |
| 247 | 247 | ||
| 248 | if (!(f = fopen(filename, "r"))) { | 248 | if (!(f = fopen(filename, "r"))) { |
| 249 | fprintf(stderr, "[cgit] Failed to include file %s: %s (%d).\n", | 249 | fprintf(stderr, "[cgit] Failed to include file %s: %s (%d).\n", |
| 250 | filename, strerror(errno), errno); | 250 | filename, strerror(errno), errno); |
| 251 | return -1; | 251 | return -1; |
| 252 | } | 252 | } |
| 253 | while((len = fread(buf, 1, 4096, f)) > 0) | 253 | while((len = fread(buf, 1, 4096, f)) > 0) |
| 254 | html_raw(buf, len); | 254 | html_raw(buf, len); |
| 255 | fclose(f); | 255 | fclose(f); |
| 256 | return 0; | 256 | return 0; |
| 257 | } | 257 | } |
| 258 | 258 | ||
| 259 | int hextoint(char c) | 259 | int hextoint(char c) |
| 260 | { | 260 | { |
| 261 | if (c >= 'a' && c <= 'f') | 261 | if (c >= 'a' && c <= 'f') |
| 262 | return 10 + c - 'a'; | 262 | return 10 + c - 'a'; |
| 263 | else if (c >= 'A' && c <= 'F') | 263 | else if (c >= 'A' && c <= 'F') |
| 264 | return 10 + c - 'A'; | 264 | return 10 + c - 'A'; |
| 265 | else if (c >= '0' && c <= '9') | 265 | else if (c >= '0' && c <= '9') |
| 266 | return c - '0'; | 266 | return c - '0'; |
| 267 | else | 267 | else |
| 268 | return -1; | 268 | return -1; |
| 269 | } | 269 | } |
| 270 | 270 | ||
| 271 | char *convert_query_hexchar(char *txt) | 271 | char *convert_query_hexchar(char *txt) |
| 272 | { | 272 | { |
| 273 | int d1, d2, n; | 273 | int d1, d2, n; |
| 274 | n = strlen(txt); | 274 | n = strlen(txt); |
| 275 | if (n < 3) { | 275 | if (n < 3) { |
| 276 | *txt = '\0'; | 276 | *txt = '\0'; |
| 277 | return txt-1; | 277 | return txt-1; |
| 278 | } | 278 | } |
| 279 | d1 = hextoint(*(txt+1)); | 279 | d1 = hextoint(*(txt+1)); |
| 280 | d2 = hextoint(*(txt+2)); | 280 | d2 = hextoint(*(txt+2)); |
| 281 | if (d1<0 || d2<0) { | 281 | if (d1<0 || d2<0) { |
| 282 | memmove(txt, txt+3, n-2); | 282 | memmove(txt, txt+3, n-2); |
| 283 | return txt-1; | 283 | return txt-1; |
| 284 | } else { | 284 | } else { |
| 285 | *txt = d1 * 16 + d2; | 285 | *txt = d1 * 16 + d2; |
| 286 | memmove(txt+1, txt+3, n-2); | 286 | memmove(txt+1, txt+3, n-2); |
| 287 | return txt; | 287 | return txt; |
| 288 | } | 288 | } |
| 289 | } | 289 | } |
| 290 | 290 | ||
| 291 | int http_parse_querystring(const char *txt_, void (*fn)(const char *name, const char *value)) | 291 | int http_parse_querystring(const char *txt_, void (*fn)(const char *name, const char *value)) |
| 292 | { | 292 | { |
| 293 | char *t, *txt, *value = NULL, c; | 293 | char *o, *t, *txt, *value = NULL, c; |
| 294 | 294 | ||
| 295 | if (!txt_) | 295 | if (!txt_) |
| 296 | return 0; | 296 | return 0; |
| 297 | 297 | ||
| 298 | t = txt = strdup(txt_); | 298 | o = t = txt = strdup(txt_); |
| 299 | if (t == NULL) { | 299 | if (t == NULL) { |
| 300 | printf("Out of memory\n"); | 300 | printf("Out of memory\n"); |
| 301 | exit(1); | 301 | exit(1); |
| 302 | } | 302 | } |
| 303 | while((c=*t) != '\0') { | 303 | while((c=*t) != '\0') { |
| 304 | if (c=='=') { | 304 | if (c=='=') { |
| 305 | *t = '\0'; | 305 | *t = '\0'; |
| 306 | value = t+1; | 306 | value = t+1; |
| 307 | } else if (c=='+') { | 307 | } else if (c=='+') { |
| 308 | *t = ' '; | 308 | *t = ' '; |
| 309 | } else if (c=='%') { | 309 | } else if (c=='%') { |
| 310 | t = convert_query_hexchar(t); | 310 | t = convert_query_hexchar(t); |
| 311 | } else if (c=='&') { | 311 | } else if (c=='&') { |
| 312 | *t = '\0'; | 312 | *t = '\0'; |
| 313 | (*fn)(txt, value); | 313 | (*fn)(txt, value); |
| 314 | txt = t+1; | 314 | txt = t+1; |
| 315 | value = NULL; | 315 | value = NULL; |
| 316 | } | 316 | } |
| 317 | t++; | 317 | t++; |
| 318 | } | 318 | } |
| 319 | if (t!=txt) | 319 | if (t!=txt) |
| 320 | (*fn)(txt, value); | 320 | (*fn)(txt, value); |
| 321 | free(o); | ||
| 321 | return 0; | 322 | return 0; |
| 322 | } | 323 | } |