]> gitweb.ps.run Git - ps-cgit/blobdiff - html.c
projects / ps-cgit / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Avoid null pointer dereference in reencode().
[ps-cgit] / html.c
diff --git a/html.c b/html.c
index 1305910b40f9513ef11a0eda21fb6d6d06e11ae5..a0f6db4b04bdca2215d0425f9f85ed70933d08ce 100644 (file)
--- a/html.c
+++ b/html.c
@@ -162,9 +162,9 @@ void html_url_path(const char *txt)
        while(t && *t){
                int c = *t;
                const char *e = url_escape_table[c];
-               if (e && c!='+' && c!='&' && c!='+') {
+               if (e && c!='+' && c!='&') {
                        html_raw(txt, t - txt);
-                       html_raw(e, 3);
+                       html(e);
                        txt = t+1;
                }
                t++;
@@ -179,9 +179,11 @@ void html_url_arg(const char *txt)
        while(t && *t){
                int c = *t;
                const char *e = url_escape_table[c];
+               if (c == ' ')
+                       e = "+";
                if (e) {
                        html_raw(txt, t - txt);
-                       html_raw(e, 3);
+                       html(e);
                        txt = t+1;
                }
                t++;
@@ -277,7 +279,7 @@ char *convert_query_hexchar(char *txt)
        d1 = hextoint(*(txt+1));
        d2 = hextoint(*(txt+2));
        if (d1<0 || d2<0) {
-               memmove(txt, txt+3, n-3);
+               memmove(txt, txt+3, n-2);
                return txt-1;
        } else {
                *txt = d1 * 16 + d2;
@@ -288,12 +290,12 @@ char *convert_query_hexchar(char *txt)
 
 int http_parse_querystring(const char *txt_, void (*fn)(const char *name, const char *value))
 {
-       char *t, *txt, *value = NULL, c;
+       char *o, *t, *txt, *value = NULL, c;
 
        if (!txt_)
                return 0;
 
-       t = txt = strdup(txt_);
+       o = t = txt = strdup(txt_);
        if (t == NULL) {
                printf("Out of memory\n");
                exit(1);
@@ -316,5 +318,6 @@ int http_parse_querystring(const char *txt_, void (*fn)(const char *name, const
        }
        if (t!=txt)
                (*fn)(txt, value);
+       free(o);
        return 0;
 }
Unnamed repository; edit this file 'description' to name the repository.