misc: ISSPACE() => ISBLANK()
Instances of ISSPACE() use that should rather use ISBLANK(). I think somewhat carelessly used because it sounds as if it checks for space or whitespace, but also includes %0a to %0d. For parsing purposes, we should only accept what we must and not be overly liberal. It leads to surprises and surprises lead to bad things. Closes #9432
This commit is contained in:
Daniel Stenberg
parent
8dd95da35b
commit
6f9fb7ec2d
@ -1044,7 +1044,7 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
|
|||||||
size_t namelen;
|
size_t namelen;
|
||||||
|
|
||||||
/* Parse a single encoding name. */
|
/* Parse a single encoding name. */
|
||||||
while(ISSPACE(*enclist) || *enclist == ',')
|
while(ISBLANK(*enclist) || *enclist == ',')
|
||||||
enclist++;
|
enclist++;
|
||||||
|
|
||||||
name = enclist;
|
name = enclist;
|
||||||
|
|||||||
@ -47,7 +47,7 @@ CURLcode Curl_range(struct Curl_easy *data)
|
|||||||
from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from);
|
from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from);
|
||||||
if(from_t == CURL_OFFT_FLOW)
|
if(from_t == CURL_OFFT_FLOW)
|
||||||
return CURLE_RANGE_ERROR;
|
return CURLE_RANGE_ERROR;
|
||||||
while(*ptr && (ISSPACE(*ptr) || (*ptr == '-')))
|
while(*ptr && (ISBLANK(*ptr) || (*ptr == '-')))
|
||||||
ptr++;
|
ptr++;
|
||||||
to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
|
to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
|
||||||
if(to_t == CURL_OFFT_FLOW)
|
if(to_t == CURL_OFFT_FLOW)
|
||||||
|
|||||||
@ -422,7 +422,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
|
|||||||
char *endptr = finfo->b_data + 6;
|
char *endptr = finfo->b_data + 6;
|
||||||
/* here we can deal with directory size, pass the leading
|
/* here we can deal with directory size, pass the leading
|
||||||
whitespace and then the digits */
|
whitespace and then the digits */
|
||||||
while(ISSPACE(*endptr))
|
while(ISBLANK(*endptr))
|
||||||
endptr++;
|
endptr++;
|
||||||
while(ISDIGIT(*endptr))
|
while(ISDIGIT(*endptr))
|
||||||
endptr++;
|
endptr++;
|
||||||
@ -894,7 +894,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
|
|||||||
parser->item_length++;
|
parser->item_length++;
|
||||||
switch(parser->state.NT.sub.time) {
|
switch(parser->state.NT.sub.time) {
|
||||||
case PL_WINNT_TIME_PRESPACE:
|
case PL_WINNT_TIME_PRESPACE:
|
||||||
if(!ISSPACE(c)) {
|
if(!ISBLANK(c)) {
|
||||||
parser->state.NT.sub.time = PL_WINNT_TIME_TIME;
|
parser->state.NT.sub.time = PL_WINNT_TIME_TIME;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|||||||
@ -191,7 +191,7 @@ CURLcode Curl_pseudo_headers(struct Curl_easy *data,
|
|||||||
vptr = Curl_checkheaders(data, STRCONST(H2H3_PSEUDO_SCHEME));
|
vptr = Curl_checkheaders(data, STRCONST(H2H3_PSEUDO_SCHEME));
|
||||||
if(vptr) {
|
if(vptr) {
|
||||||
vptr += sizeof(H2H3_PSEUDO_SCHEME);
|
vptr += sizeof(H2H3_PSEUDO_SCHEME);
|
||||||
while(*vptr && ISSPACE(*vptr))
|
while(*vptr && ISBLANK(*vptr))
|
||||||
vptr++;
|
vptr++;
|
||||||
nva[2].value = vptr;
|
nva[2].value = vptr;
|
||||||
infof(data, "set pseudo header %s to %s", H2H3_PSEUDO_SCHEME, vptr);
|
infof(data, "set pseudo header %s to %s", H2H3_PSEUDO_SCHEME, vptr);
|
||||||
|
|||||||
@ -207,7 +207,7 @@ static CURLcode namevalue(char *header, size_t hlen, unsigned int type,
|
|||||||
return CURLE_BAD_FUNCTION_ARGUMENT;
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||||
|
|
||||||
/* skip all leading space letters */
|
/* skip all leading space letters */
|
||||||
while(*header && ISSPACE(*header))
|
while(*header && ISBLANK(*header))
|
||||||
header++;
|
header++;
|
||||||
|
|
||||||
*value = header;
|
*value = header;
|
||||||
@ -237,7 +237,7 @@ static CURLcode unfold_value(struct Curl_easy *data, const char *value,
|
|||||||
vlen--;
|
vlen--;
|
||||||
|
|
||||||
/* save only one leading space */
|
/* save only one leading space */
|
||||||
while((vlen > 1) && ISSPACE(value[0]) && ISSPACE(value[1])) {
|
while((vlen > 1) && ISBLANK(value[0]) && ISBLANK(value[1])) {
|
||||||
vlen--;
|
vlen--;
|
||||||
value++;
|
value++;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -156,7 +156,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
|
|||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
while(*p && ISSPACE(*p))
|
while(*p && ISBLANK(*p))
|
||||||
p++;
|
p++;
|
||||||
if(Curl_strncasecompare("max-age=", p, 8)) {
|
if(Curl_strncasecompare("max-age=", p, 8)) {
|
||||||
bool quoted = FALSE;
|
bool quoted = FALSE;
|
||||||
@ -167,7 +167,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
|
|||||||
return CURLE_BAD_FUNCTION_ARGUMENT;
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
||||||
|
|
||||||
p += 8;
|
p += 8;
|
||||||
while(*p && ISSPACE(*p))
|
while(*p && ISBLANK(*p))
|
||||||
p++;
|
p++;
|
||||||
if(*p == '\"') {
|
if(*p == '\"') {
|
||||||
p++;
|
p++;
|
||||||
@ -200,7 +200,7 @@ CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
|
|||||||
p++;
|
p++;
|
||||||
}
|
}
|
||||||
|
|
||||||
while(*p && ISSPACE(*p))
|
while(*p && ISBLANK(*p))
|
||||||
p++;
|
p++;
|
||||||
if(*p == ';')
|
if(*p == ';')
|
||||||
p++;
|
p++;
|
||||||
|
|||||||
@ -58,11 +58,11 @@ CURLcode Curl_input_digest(struct Curl_easy *data,
|
|||||||
digest = &data->state.digest;
|
digest = &data->state.digest;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!checkprefix("Digest", header) || !ISSPACE(header[6]))
|
if(!checkprefix("Digest", header) || !ISBLANK(header[6]))
|
||||||
return CURLE_BAD_CONTENT_ENCODING;
|
return CURLE_BAD_CONTENT_ENCODING;
|
||||||
|
|
||||||
header += strlen("Digest");
|
header += strlen("Digest");
|
||||||
while(*header && ISSPACE(*header))
|
while(*header && ISBLANK(*header))
|
||||||
header++;
|
header++;
|
||||||
|
|
||||||
return Curl_auth_decode_digest_http_message(header, digest);
|
return Curl_auth_decode_digest_http_message(header, digest);
|
||||||
|
|||||||
@ -84,7 +84,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
|
|||||||
|
|
||||||
/* Obtain the input token, if any */
|
/* Obtain the input token, if any */
|
||||||
header += strlen("Negotiate");
|
header += strlen("Negotiate");
|
||||||
while(*header && ISSPACE(*header))
|
while(*header && ISBLANK(*header))
|
||||||
header++;
|
header++;
|
||||||
|
|
||||||
len = strlen(header);
|
len = strlen(header);
|
||||||
|
|||||||
@ -96,7 +96,7 @@ static int parsenetrc(const char *host,
|
|||||||
}
|
}
|
||||||
tok = netrcbuffer;
|
tok = netrcbuffer;
|
||||||
while(tok) {
|
while(tok) {
|
||||||
while(ISSPACE(*tok))
|
while(ISBLANK(*tok))
|
||||||
tok++;
|
tok++;
|
||||||
/* tok is first non-space letter */
|
/* tok is first non-space letter */
|
||||||
if(!*tok || (*tok == '#'))
|
if(!*tok || (*tok == '#'))
|
||||||
|
|||||||
@ -1068,8 +1068,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf,
|
|||||||
|
|
||||||
if(!binary) {
|
if(!binary) {
|
||||||
/* check for leading or trailing whitespace */
|
/* check for leading or trailing whitespace */
|
||||||
if(ISSPACE(bvals[i].bv_val[0]) ||
|
if(ISBLANK(bvals[i].bv_val[0]) ||
|
||||||
ISSPACE(bvals[i].bv_val[bvals[i].bv_len - 1]))
|
ISBLANK(bvals[i].bv_val[bvals[i].bv_len - 1]))
|
||||||
binval = 1;
|
binval = 1;
|
||||||
else {
|
else {
|
||||||
/* check for unprintable characters */
|
/* check for unprintable characters */
|
||||||
|
|||||||
@ -794,7 +794,7 @@ CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header)
|
|||||||
|
|
||||||
/* Find the first non-space letter */
|
/* Find the first non-space letter */
|
||||||
start = header + 8;
|
start = header + 8;
|
||||||
while(*start && ISSPACE(*start))
|
while(*start && ISBLANK(*start))
|
||||||
start++;
|
start++;
|
||||||
|
|
||||||
if(!*start) {
|
if(!*start) {
|
||||||
|
|||||||
@ -87,7 +87,7 @@ static curl_off_t strtooff(const char *nptr, char **endptr, int base)
|
|||||||
|
|
||||||
/* Skip leading whitespace. */
|
/* Skip leading whitespace. */
|
||||||
end = (char *)nptr;
|
end = (char *)nptr;
|
||||||
while(ISSPACE(end[0])) {
|
while(ISBLANK(end[0])) {
|
||||||
end++;
|
end++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -222,7 +222,7 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int base,
|
|||||||
errno = 0;
|
errno = 0;
|
||||||
*num = 0; /* clear by default */
|
*num = 0; /* clear by default */
|
||||||
|
|
||||||
while(*str && ISSPACE(*str))
|
while(*str && ISBLANK(*str))
|
||||||
str++;
|
str++;
|
||||||
if('-' == *str) {
|
if('-' == *str) {
|
||||||
if(endp)
|
if(endp)
|
||||||
|
|||||||
@ -521,7 +521,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
|
|||||||
char content[DIGEST_MAX_CONTENT_LENGTH];
|
char content[DIGEST_MAX_CONTENT_LENGTH];
|
||||||
|
|
||||||
/* Pass all additional spaces here */
|
/* Pass all additional spaces here */
|
||||||
while(*chlg && ISSPACE(*chlg))
|
while(*chlg && ISBLANK(*chlg))
|
||||||
chlg++;
|
chlg++;
|
||||||
|
|
||||||
/* Extract a value=content pair */
|
/* Extract a value=content pair */
|
||||||
@ -561,7 +561,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
|
|||||||
token = strtok_r(tmp, ",", &tok_buf);
|
token = strtok_r(tmp, ",", &tok_buf);
|
||||||
while(token) {
|
while(token) {
|
||||||
/* Pass additional spaces here */
|
/* Pass additional spaces here */
|
||||||
while(*token && ISSPACE(*token))
|
while(*token && ISBLANK(*token))
|
||||||
token++;
|
token++;
|
||||||
if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH)) {
|
if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH)) {
|
||||||
foundAuth = TRUE;
|
foundAuth = TRUE;
|
||||||
@ -622,7 +622,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
|
|||||||
break; /* We're done here */
|
break; /* We're done here */
|
||||||
|
|
||||||
/* Pass all additional spaces here */
|
/* Pass all additional spaces here */
|
||||||
while(*chlg && ISSPACE(*chlg))
|
while(*chlg && ISBLANK(*chlg))
|
||||||
chlg++;
|
chlg++;
|
||||||
|
|
||||||
/* Allow the list to be comma-separated */
|
/* Allow the list to be comma-separated */
|
||||||
|
|||||||
@ -259,7 +259,7 @@ CURLcode Curl_override_sspi_http_realm(const char *chlg,
|
|||||||
char content[DIGEST_MAX_CONTENT_LENGTH];
|
char content[DIGEST_MAX_CONTENT_LENGTH];
|
||||||
|
|
||||||
/* Pass all additional spaces here */
|
/* Pass all additional spaces here */
|
||||||
while(*chlg && ISSPACE(*chlg))
|
while(*chlg && ISBLANK(*chlg))
|
||||||
chlg++;
|
chlg++;
|
||||||
|
|
||||||
/* Extract a value=content pair */
|
/* Extract a value=content pair */
|
||||||
@ -292,7 +292,7 @@ CURLcode Curl_override_sspi_http_realm(const char *chlg,
|
|||||||
break; /* We're done here */
|
break; /* We're done here */
|
||||||
|
|
||||||
/* Pass all additional spaces here */
|
/* Pass all additional spaces here */
|
||||||
while(*chlg && ISSPACE(*chlg))
|
while(*chlg && ISBLANK(*chlg))
|
||||||
chlg++;
|
chlg++;
|
||||||
|
|
||||||
/* Allow the list to be comma-separated */
|
/* Allow the list to be comma-separated */
|
||||||
@ -333,7 +333,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
|
|||||||
char value[DIGEST_MAX_VALUE_LENGTH];
|
char value[DIGEST_MAX_VALUE_LENGTH];
|
||||||
char content[DIGEST_MAX_CONTENT_LENGTH];
|
char content[DIGEST_MAX_CONTENT_LENGTH];
|
||||||
|
|
||||||
while(*p && ISSPACE(*p))
|
while(*p && ISBLANK(*p))
|
||||||
p++;
|
p++;
|
||||||
|
|
||||||
if(!Curl_auth_digest_get_pair(p, value, content, &p))
|
if(!Curl_auth_digest_get_pair(p, value, content, &p))
|
||||||
@ -345,7 +345,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
while(*p && ISSPACE(*p))
|
while(*p && ISBLANK(*p))
|
||||||
p++;
|
p++;
|
||||||
|
|
||||||
if(',' == *p)
|
if(',' == *p)
|
||||||
|
|||||||
@ -1667,7 +1667,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
|
|||||||
if(from_t == CURL_OFFT_FLOW) {
|
if(from_t == CURL_OFFT_FLOW) {
|
||||||
return CURLE_RANGE_ERROR;
|
return CURLE_RANGE_ERROR;
|
||||||
}
|
}
|
||||||
while(*ptr && (ISSPACE(*ptr) || (*ptr == '-')))
|
while(*ptr && (ISBLANK(*ptr) || (*ptr == '-')))
|
||||||
ptr++;
|
ptr++;
|
||||||
to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
|
to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
|
||||||
if(to_t == CURL_OFFT_FLOW) {
|
if(to_t == CURL_OFFT_FLOW) {
|
||||||
|
|||||||
@ -2506,7 +2506,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
|||||||
from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from);
|
from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from);
|
||||||
if(from_t == CURL_OFFT_FLOW)
|
if(from_t == CURL_OFFT_FLOW)
|
||||||
return CURLE_RANGE_ERROR;
|
return CURLE_RANGE_ERROR;
|
||||||
while(*ptr && (ISSPACE(*ptr) || (*ptr == '-')))
|
while(*ptr && (ISBLANK(*ptr) || (*ptr == '-')))
|
||||||
ptr++;
|
ptr++;
|
||||||
to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
|
to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
|
||||||
if(to_t == CURL_OFFT_FLOW)
|
if(to_t == CURL_OFFT_FLOW)
|
||||||
|
|||||||
@ -336,7 +336,7 @@ static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc *model,
|
|||||||
char name[MAX_CIPHER_LENGTH + 1];
|
char name[MAX_CIPHER_LENGTH + 1];
|
||||||
size_t len;
|
size_t len;
|
||||||
bool found = FALSE;
|
bool found = FALSE;
|
||||||
while((*cipher) && (ISSPACE(*cipher)))
|
while((*cipher) && (ISBLANK(*cipher)))
|
||||||
++cipher;
|
++cipher;
|
||||||
|
|
||||||
end = strpbrk(cipher, ":, ");
|
end = strpbrk(cipher, ":, ");
|
||||||
|
|||||||
@ -4366,7 +4366,7 @@ static size_t ossl_version(char *buffer, size_t size)
|
|||||||
}
|
}
|
||||||
count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver);
|
count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver);
|
||||||
for(p = buffer; *p; ++p) {
|
for(p = buffer; *p; ++p) {
|
||||||
if(ISSPACE(*p))
|
if(ISBLANK(*p))
|
||||||
*p = '_';
|
*p = '_';
|
||||||
}
|
}
|
||||||
return count;
|
return count;
|
||||||
|
|||||||
@ -116,7 +116,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
|
|||||||
const char *etag_h = &str[5];
|
const char *etag_h = &str[5];
|
||||||
const char *eot = end - 1;
|
const char *eot = end - 1;
|
||||||
if(*eot == '\n') {
|
if(*eot == '\n') {
|
||||||
while(ISSPACE(*etag_h) && (etag_h < eot))
|
while(ISBLANK(*etag_h) && (etag_h < eot))
|
||||||
etag_h++;
|
etag_h++;
|
||||||
while(ISSPACE(*eot))
|
while(ISSPACE(*eot))
|
||||||
eot--;
|
eot--;
|
||||||
|
|||||||
@ -59,7 +59,7 @@ static void voutf(struct GlobalConfig *config,
|
|||||||
if(len > width) {
|
if(len > width) {
|
||||||
size_t cut = width-1;
|
size_t cut = width-1;
|
||||||
|
|
||||||
while(!ISSPACE(ptr[cut]) && cut) {
|
while(!ISBLANK(ptr[cut]) && cut) {
|
||||||
cut--;
|
cut--;
|
||||||
}
|
}
|
||||||
if(0 == cut)
|
if(0 == cut)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user