[PATCH 2/8] hex-escape: be more strict about the format while decoding

Jani Nikula jani at nikula.org
Sat Mar 31 15:17:22 PDT 2012


Signed-off-by: Jani Nikula <jani at nikula.org>

---

This could be folded to "hex-escape: (en|de)code strings to/from
restricted character set".
---
 util/hex-escape.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/util/hex-escape.c b/util/hex-escape.c
index 6c1260b..9de79df 100644
--- a/util/hex-escape.c
+++ b/util/hex-escape.c
@@ -21,6 +21,7 @@
 #include <assert.h>
 #include <string.h>
 #include <talloc.h>
+#include <ctype.h>
 #include "error_util.h"
 #include "hex-escape.h"
 
@@ -131,18 +132,18 @@ hex_decode (void *ctx, const char *in, char **out, size_t * out_size)
 
 	    char *endp;
 
-	    if (len < 3)
+	    if (!isxdigit ((unsigned char) p[1]) ||
+		!isxdigit ((unsigned char) p[2]))
 		return HEX_SYNTAX_ERROR;
 
 	    buf[0] = p[1];
 	    buf[1] = p[2];
 
-	    *q = strtol (buf, &endp, 16);
+	    *q = strtoul (buf, &endp, 16);
 
 	    if (endp != buf + 2)
 		return HEX_SYNTAX_ERROR;
 
-	    len -= 3;
 	    p += 3;
 	    q++;
 	} else {
-- 
1.7.5.4



More information about the notmuch mailing list