[Redbutton-devel] SF.net SVN: redbutton: [392] redbutton-author/trunk/der_encode.c

[<ski...@us...>]

Revision: 392
          http://redbutton.svn.sourceforge.net/redbutton/?rev=392&view=rev
Author:   skilvington
Date:     2007-09-18 05:18:13 -0700 (Tue, 18 Sep 2007)

Log Message:
-----------
STRING is only allowed to contain chars 0x20 to 0x7e

Modified Paths:
--------------
    redbutton-author/trunk/der_encode.c

Modified: redbutton-author/trunk/der_encode.c
===================================================================
--- redbutton-author/trunk/der_encode.c	2007-09-18 12:12:11 UTC (rev 391)
+++ redbutton-author/trunk/der_encode.c	2007-09-18 12:18:13 UTC (rev 392)
@@ -50,12 +50,14 @@
 
 /*
  * string is enclosed in "
+ * contains chars 0x20 to 0x7e
  * " and \ within the string are encoded as \" and \\
  */
 
 void
 convert_STRING(unsigned char **out, unsigned int *len, const char *str)
 {
+	unsigned char *whole_str = str;
 	unsigned char *p;
 
 	/* max size it could be */
@@ -66,8 +68,12 @@
 	p = *out;
 	while(*str != '"')
 	{
-		if(*str != '\\')
+		if(*str < 0x20 || *str > 0x7e)
 		{
+			fatal("Invalid character (0x%02x) in STRING: %s", *str, whole_str);
+		}
+		else if(*str != '\\')
+		{
 			*p = *str;
 			p ++;
 			str ++;
@@ -86,13 +92,13 @@
 		}
 		else
 		{
-			fatal("Invalid escape sequence in STRING: %s", str - 1);
+			fatal("Invalid escape sequence in STRING: %s", whole_str);
 		}
 	}
 
 	/* check we got to the closing quote */
 	if(*(str + 1) != '\0')
-		fatal("Unquoted \" in STRING: %s", str - 1);
+		fatal("Unquoted \" in STRING: %s", whole_str);
 
 	/* return the length (note: no \0 terminator) */
 	*len = (p - *out);


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.