From eb5e0599afe3bae86a375acea4d8ca106594c45b Mon Sep 17 00:00:00 2001
From: Vincent Sanders <vince@kyllikki.org>
Date: Wed, 3 Aug 2016 15:04:28 +0100
Subject: Improve percent escaping testing, parameter checking and
 documentation

---
 utils/url.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'utils')

diff --git a/utils/url.c b/utils/url.c
index 861a62bdc..7a7b7a196 100644
--- a/utils/url.c
+++ b/utils/url.c
@@ -18,8 +18,17 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-/** \file
- * \brief Implementation of URL parsing and joining operations.
+/**
+ * \file
+ * \brief Implementation of URI percent escaping.
+ *
+ * Percent encoding of URI is subject to RFC3986 however this is not
+ * implementing URI behaviour purely the percent encoding so only the
+ * unreserved set is not encoded and arbitrary binary data may be
+ * unescaped.
+ *
+ * \note Earlier RFC (2396, 1738 and 1630) list the tilde ~ character
+ * as special so its handling is ambiguious
  */
 
 #include <ctype.h>
@@ -37,7 +46,7 @@
  *
  * Must be called with valid hex char, results undefined otherwise.
  *
- * \param[in]  c  char to convert yo value
+ * \param[in] c character to convert to value
  * \return the value of c
  */
 static inline char xdigit_to_hex(char c)
@@ -61,6 +70,10 @@ nserror url_unescape(const char *str, size_t length,
 	char *res_pos;
 	char *result;
 
+	if ((str == NULL) || (result_out == NULL)) {
+		return NSERROR_BAD_PARAMETER;
+	}
+
 	if (length == 0) {
 		length = strlen(str);
 	}
@@ -121,7 +134,7 @@ nserror url_escape(const char *unescaped, bool sptoplus,
 	const char *c;
 
 	if (unescaped == NULL || result == NULL) {
-		return NSERROR_NOT_FOUND;
+		return NSERROR_BAD_PARAMETER;
 	}
 
 	len = strlen(unescaped);
-- 
cgit v1.2.3