From 2b50075f9145b2261566f0f67eb9f31523c7bd71 Mon Sep 17 00:00:00 2001
From: Hiltjo Posthuma
Date: Sat, 18 Jan 2020 19:26:04 +0100
Subject: improve XML entity conversion
- return -1 for invalid XML entities.
- separate between NUL (�) and invalid entities: although both are unwanted in sfeed.
- validate the number range more strictly and don't wrap to unsigned. entities lik: "&#-1;" are handled as invalid now. "&#;" is also invalid instead of the same as "�".
---
 xml.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/xml.c b/xml.c
index f7e000b..9c5d5fc 100644
--- a/xml.c
+++ b/xml.c
@@ -269,7 +269,7 @@ namedentitytostr(const char *e, char *buf, size_t bufsiz)
 return 1;
 }
 }
- return 0;
+ return -1;
 }
 static int
@@ -286,12 +286,12 @@ numericentitytostr(const char *e, char *buf, size_t bufsiz)
 errno = 0;
 /* hex (16) or decimal (10) */
 if (*e == 'x')
- l = strtoul(e + 1, &end, 16);
+ l = strtol(++e, &end, 16);
 else
- l = strtoul(e, &end, 10);
- /* invalid value or not a well-formed entity or too high codepoint */
- if (errno || *end != ';' || l > 0x10FFFF)
- return 0;
+ l = strtol(e, &end, 10);
+ /* invalid value or not a well-formed entity or invalid codepoint */
+ if (errno || e == end || *end != ';' || l < 0 || l > 0x10ffff)
+ return -1;
 len = codepointtoutf8(l, buf);
 buf[len] = '\0';
@@ -299,13 +299,13 @@ numericentitytostr(const char *e, char *buf, size_t bufsiz)
 }
 /* convert named- or numeric entity string to buffer string
- * returns byte-length of string. */
+ * returns byte-length of string or -1 on failure. */
 int
 xml_entitytostr(const char *e, char *buf, size_t bufsiz)
 {
 /* doesn't start with & */
 if (e[0] != '&')
- return 0;
+ return -1;
 /* numeric entity */
 if (e[1] == '#')
 return numericentitytostr(e + 2, buf, bufsiz);
--
cgit v1.2.3
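Review bot: The new check in numericentitytostr() still accepts more than digits, because strtol() skips leading whitespace, takes a `+` or `-` sign and, in base 16, an optional `0x` prefix; `&# 65;`, `&#+65;`, `&#-0;` and `&#x0x41;` all convert and get past `e == end` and `l < 0`. Requiring the first character to be a digit before calling strtol() closes this, as in the sketch below, which assumes `<ctype.h>` is already included in xml.c. The range test also still passes the surrogate range 0xD800–0xDFFF to codepointtoutf8(), whose handling of it is not visible here. `l < 0` is only meaningful if `l` is declared as a signed `long`; that declaration and the end of the function are outside the hunk.

```c
	errno = 0;
	/* strtol() skips leading whitespace and accepts a sign and, in base 16,
	 * a "0x" prefix: only hand it input that starts with a digit */
	if (*e == 'x') {
		e++;
		if (!isxdigit((unsigned char)e[0]) ||
		    (e[0] == '0' && (e[1] == 'x' || e[1] == 'X')))
			return -1;
		l = strtol(e, &end, 16);
	} else {
		if (!isdigit((unsigned char)e[0]))
			return -1;
		l = strtol(e, &end, 10);
	}
	/* … unchanged: errno / end / range check, codepointtoutf8() call … */
```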
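Review bot: Callers of xml_entitytostr() are not adjusted in this commit (the diffstat lists only xml.c), yet its failure value changes from 0 to -1 here and in the two helper hunks above. A caller that tests the result with `if (len)` or converts it to `size_t` before using it as a length would now treat a failed conversion as a very large string. It is worth confirming that every call site checks for a negative result, and the header comment could state the requirement, e.g. `* returns byte-length of string or -1 on failure; callers must check for < 0 before using it as a size. */`. The rest of xml_entitytostr() lies outside the hunk.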