Introduce a new function check_encoding_name() for doing a basic check on encoding...

[wget] / src / iri.c

diff --git a/src/iri.c b/src/iri.c
index 797ffa44a6825f550333209b5c9b7f5684b45ff6..fea7b150e7a5e3163ec642d68c0738b9bad9fbca 100644 (file)
--- a/src/iri.c
+++ b/src/iri.c
@@ -35,6 +35,8 @@ as that of the covered work.  */
 #include <assert.h>
 #include <string.h>
 
+#include <stringprep.h>
+
 #include "utils.h"
 #include "iri.h"
 
@@ -62,6 +64,14 @@ parse_charset (char *str)
 
   /* sXXXav: could strdupdelim return NULL ? */
   charset = strdupdelim (str, charset);
+
+  /* Do a minimum check on the charset value */
+  if (!check_encoding_name (charset))
+    {
+      xfree (charset);
+      return NULL;
+    }
+
   logprintf (LOG_VERBOSE, "parse_charset: %s\n", quote (charset));
 
   return charset;
@@ -73,7 +83,28 @@ char *
 find_locale (void)
 {
   /* sXXXav, made our own function or use libidn one ?! */
-  return stringprep_locale_charset ();
+  return (char *) stringprep_locale_charset ();
+}
+
+
+/* Basic check of an encoding name. */
+bool
+check_encoding_name (char *encoding)
+{
+  char *s = encoding;
+
+  while (*s)
+    {
+      if (!c_isascii(*s) || c_isspace(*s))
+        {
+          logprintf (LOG_VERBOSE, "Encoding %s isn't valid\n", quote(encoding));
+          return false;
+        }
+
+      s++;
+    }
+
+  return true;
 }