1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 ***************************************************************************/
23 #include "curl_setup.h"
25 #include <curl/curl.h>
28 #include "curl_memory.h"
30 /* The last #include file should be: */
34 * "Remove Dot Segments"
35 * https://tools.ietf.org/html/rfc3986#section-5.2.4
42 * This function gets a zero-terminated path with dot and dotdot sequences
43 * passed in and strips them off according to the rules in RFC 3986 section
46 * The function handles a query part ('?' + stuff) appended but it expects
47 * that fragments ('#' + stuff) have already been cut off.
51 * an allocated dedotdotified output string
53 char *Curl_dedotdotify(const char *input)
55 size_t inlen = strlen(input);
57 size_t clen = inlen; /* the length of the cloned input */
58 char *out = malloc(inlen + 1);
63 return NULL; /* out of memory */
65 /* get a cloned copy of the input */
66 clone = strdup(input);
75 /* zero length string, return that */
81 * To handle query-parts properly, we must find it and remove it during the
82 * dotdot-operation and then append it again at the end to the output
85 queryp = strchr(clone, '?');
91 /* A. If the input buffer begins with a prefix of "../" or "./", then
92 remove that prefix from the input buffer; otherwise, */
94 if(!strncmp("./", clone, 2)) {
98 else if(!strncmp("../", clone, 3)) {
103 /* B. if the input buffer begins with a prefix of "/./" or "/.", where
104 "." is a complete path segment, then replace that prefix with "/" in
105 the input buffer; otherwise, */
106 else if(!strncmp("/./", clone, 3)) {
110 else if(!strcmp("/.", clone)) {
116 /* C. if the input buffer begins with a prefix of "/../" or "/..", where
117 ".." is a complete path segment, then replace that prefix with "/" in
118 the input buffer and remove the last segment and its preceding "/" (if
119 any) from the output buffer; otherwise, */
121 else if(!strncmp("/../", clone, 4)) {
124 /* remove the last segment from the output buffer */
125 while(outptr > out) {
130 *outptr = 0; /* zero-terminate where it stops */
132 else if(!strcmp("/..", clone)) {
136 /* remove the last segment from the output buffer */
137 while(outptr > out) {
142 *outptr = 0; /* zero-terminate where it stops */
145 /* D. if the input buffer consists only of "." or "..", then remove
146 that from the input buffer; otherwise, */
148 else if(!strcmp(".", clone) || !strcmp("..", clone)) {
154 /* E. move the first path segment in the input buffer to the end of
155 the output buffer, including the initial "/" character (if any) and
156 any subsequent characters up to, but not including, the next "/"
157 character or the end of the input buffer. */
160 *outptr++ = *clone++;
162 } while(*clone && (*clone != '/'));
170 /* There was a query part, append that to the output. The 'clone' string
171 may now have been altered so we copy from the original input string
172 from the correct index. */
173 size_t oindex = queryp - orgclone;
174 qlen = strlen(&input[oindex]);
175 memcpy(outptr, &input[oindex], qlen + 1); /* include the end zero byte */