Hello,

Here is an updated patch, using memmove. Much smaller.

Thanks for the suggestions,

Noah Sanci


On Thu, Aug 26, 2021 at 5:02 PM Frank Ch. Eigler <fche@redhat.com> wrote:
>
> Hi -
>
> >            /* PR28034 escape characters in completed url to %hh format. */
> > -          char *escaped_string;
> > -          escaped_string = curl_easy_escape(data[i].handle, filename, 0);
> > -          if (!escaped_string)
> > +          char escaped_string[PATH_MAX] = {'\0'};
> > +          char *loc = (char *) filename;
> > +          char *loc2;
> > +          char *tmp;
> > +          for(size_t j = 0; j < strlen(filename); ++j)
> >              {
> > -              rc = -ENOMEM;
> > -              goto out2;
> > +              loc2 = strstr(loc, "/");
> > +              // If the first character is a '/'
> > [...]
>
> Holy cow that's a lot of work to do it this way.
> A couple of alternatives:
>
> - ditch curl_easy_escape :-( and use a
>   malloc(strlen(x)*3)
>   byte-by-byte copy from source string into destination
>     if not [a-zA-Z0-9/.~] then %-escape
>
> or:
> - keep curl_easy_escape and postprocess
>   byte-by-byte examine the result of curl_easy_escape
>   - if seeing a "%2F", replace the % with a / and memmove the
>     rest of the string 2 bytes ahead
>
> It shouldn't need strtok or strstr or a lot of logic or stuff like
> that really.
>
> - FChE
>