uhttpd/file: fix string out of buffer range on uh_defer_script

[project/uhttpd.git] / utils.c

diff --git a/utils.c b/utils.c
index 1c21fc56eaddc555aac290000042ed2731411c4a..6502d948f7d8c9766fac463d87495dbbd53401fa 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -28,7 +28,11 @@ bool uh_use_chunked(struct client *cl)
        if (cl->request.method == UH_HTTP_MSG_HEAD || cl->request.method == UH_HTTP_MSG_OPTIONS)
                return false;
 
-       return true;
+       /* RFC2616 10.2.5, 10.3.5 */
+       if (cl->http_code == 204 || cl->http_code == 304)
+               return false;
+
+       return !cl->request.disable_chunked;
 }
 
 void uh_chunk_write(struct client *cl, const void *data, int len)
@@ -43,7 +47,7 @@ void uh_chunk_write(struct client *cl, const void *data, int len)
                ustream_printf(cl->us, "%X\r\n", len);
        ustream_write(cl->us, data, len, true);
        if (chunked)
-               ustream_printf(cl->us, "\r\n", len);
+               ustream_printf(cl->us, "\r\n");
 }
 
 void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg)
@@ -70,7 +74,7 @@ void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg)
                ustream_write(cl->us, buf, len, true);
        else
                ustream_vprintf(cl->us, format, arg);
-       ustream_printf(cl->us, "\r\n", len);
+       ustream_printf(cl->us, "\r\n");
 }
 
 void uh_chunk_printf(struct client *cl, const char *format, ...)
@@ -204,10 +208,14 @@ bool uh_path_match(const char *prefix, const char *url)
 {
        int len = strlen(prefix);
 
+       /* A prefix of "/" will - by definition - match any url */
+       if (prefix[0] == '/' && len == 1)
+               return true;
+
        if (strncmp(url, prefix, len) != 0)
                return false;
 
-       return url[len] == '/' || url[len] == 0;
+       return url[len] == '/' || url[len] == '?' || url[len] == 0;
 }
 
 char *uh_split_header(char *str)
@@ -241,3 +249,45 @@ bool uh_addr_rfc1918(struct uh_addr *addr)
 
        return 0;
 }
+
+
+static bool is_html_special_char(char c)
+{
+       switch (c)
+       {
+       case 0x22:
+       case 0x26:
+       case 0x27:
+       case 0x3C:
+       case 0x3E:
+               return true;
+
+       default:
+               return false;
+       }
+}
+
+char *uh_htmlescape(const char *str)
+{
+       size_t i, len;
+       char *p, *copy;
+
+       for (i = 0, len = 1; str[i]; i++)
+               if (is_html_special_char(str[i]))
+                       len += 6; /* &#x??; */
+               else
+                       len++;
+
+       copy = calloc(1, len);
+
+       if (!copy)
+               return NULL;
+
+       for (i = 0, p = copy; str[i]; i++)
+               if (is_html_special_char(str[i]))
+                       p += sprintf(p, "&#x%02x;", (unsigned int)str[i]);
+               else
+                       *p++ = str[i];
+
+       return copy;
+}