commit d7a438b2f8096597169c6163b0045e27f31f59fb
parent bf518929b9da24e99ccb3e2b88e38b206ff6de07
Author: FRIGN <dev@frign.de>
Date: Sat, 14 Feb 2015 22:54:18 +0100
Add \e, \", \' and hex-escapes (\xH[H]) to unescape()
So the users control the program, and the program doesn't
control the users.
Diffstat:
1 file changed, 24 insertions(+), 0 deletions(-)
diff --git a/libutil/unescape.c b/libutil/unescape.c
@@ -17,13 +17,37 @@ unescape(char *s)
switch (s[i + 1]) {
case '\\': s[i] = '\\'; off++; break;
+ case '\'': s[i] = '\'', off++; break;
+ case '"': s[i] = '"', off++; break;
case 'a': s[i] = '\a'; off++; break;
case 'b': s[i] = '\b'; off++; break;
+ case 'e': s[i] = 033; off++; break;
case 'f': s[i] = '\f'; off++; break;
case 'n': s[i] = '\n'; off++; break;
case 'r': s[i] = '\r'; off++; break;
case 't': s[i] = '\t'; off++; break;
case 'v': s[i] = '\v'; off++; break;
+ case 'x':
+ /* "\xH[H]" hexadecimal escape */
+ for (m = i + 2; m < i + 1 + 3 && m < len; m++)
+ if ((s[m] < '0' && s[m] > '9') &&
+ (s[m] < 'A' && s[m] > 'F') &&
+ (s[m] < 'a' && s[m] > 'f'))
+ break;
+ if (m == i + 2)
+ eprintf("%s: invalid escape sequence '\\%c'\n", argv0, s[i + 1]);
+ off += m - i - 1;
+ for (--m, q = 0, factor = 1; m > i + 1; m--) {
+ if (s[m] >= '0' && s[m] <= '9')
+ q += (s[m] - '0') * factor;
+ else if (s[m] >= 'A' && s[m] <= 'F')
+ q += ((s[m] - 'A') + 10) * factor;
+ else if (s[m] >= 'a' && s[m] <= 'f')
+ q += ((s[m] - 'a') + 10) * factor;
+ factor *= 16;
+ }
+ s[i] = q;
+ break;
case '\0':
eprintf("%s: null escape sequence\n", argv0);
default:
