summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHiltjo Posthuma <hiltjo@codemadness.org>2020-01-18 19:26:04 +0100
committerHiltjo Posthuma <hiltjo@codemadness.org>2020-01-18 20:09:47 +0100
commit2b50075f9145b2261566f0f67eb9f31523c7bd71 (patch)
tree52f49877d3e95ea4701512d80f9ada4e65920af6
parent79ff3ecbc87072a8eaa3cf6a3f94101df500ecdf (diff)
improve XML entity conversion
- return -1 for invalid XML entities. - separate between NUL (&#0;) and invalid entities: although both are unwanted in sfeed. - validate the number range more strictly and don't wrap to unsigned. entities lik: "&#-1;" are handled as invalid now. "&#;" is also invalid instead of the same as "&#0;".
-rw-r--r--xml.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/xml.c b/xml.c
index f7e000b..9c5d5fc 100644
--- a/xml.c
+++ b/xml.c
@@ -269,7 +269,7 @@ namedentitytostr(const char *e, char *buf, size_t bufsiz)
return 1;
}
}
- return 0;
+ return -1;
}
static int
@@ -286,12 +286,12 @@ numericentitytostr(const char *e, char *buf, size_t bufsiz)
errno = 0;
/* hex (16) or decimal (10) */
if (*e == 'x')
- l = strtoul(e + 1, &end, 16);
+ l = strtol(++e, &end, 16);
else
- l = strtoul(e, &end, 10);
- /* invalid value or not a well-formed entity or too high codepoint */
- if (errno || *end != ';' || l > 0x10FFFF)
- return 0;
+ l = strtol(e, &end, 10);
+ /* invalid value or not a well-formed entity or invalid codepoint */
+ if (errno || e == end || *end != ';' || l < 0 || l > 0x10ffff)
+ return -1;
len = codepointtoutf8(l, buf);
buf[len] = '\0';
@@ -299,13 +299,13 @@ numericentitytostr(const char *e, char *buf, size_t bufsiz)
}
/* convert named- or numeric entity string to buffer string
- * returns byte-length of string. */
+ * returns byte-length of string or -1 on failure. */
int
xml_entitytostr(const char *e, char *buf, size_t bufsiz)
{
/* doesn't start with & */
if (e[0] != '&')
- return 0;
+ return -1;
/* numeric entity */
if (e[1] == '#')
return numericentitytostr(e + 2, buf, bufsiz);