Introduce a new function check_encoding_name() for doing a basic check on encoding...

[wget] / src / iri.c

diff --git a/src/iri.c b/src/iri.c
index b87e6ebeb467decb8fba2614033593e5032ad28d..fea7b150e7a5e3163ec642d68c0738b9bad9fbca 100644 (file)
--- a/src/iri.c
+++ b/src/iri.c
@@ -64,6 +64,14 @@ parse_charset (char *str)
 
   /* sXXXav: could strdupdelim return NULL ? */
   charset = strdupdelim (str, charset);
+
+  /* Do a minimum check on the charset value */
+  if (!check_encoding_name (charset))
+    {
+      xfree (charset);
+      return NULL;
+    }
+
   logprintf (LOG_VERBOSE, "parse_charset: %s\n", quote (charset));
 
   return charset;
@@ -79,3 +87,24 @@ find_locale (void)
 }
 
 
+/* Basic check of an encoding name. */
+bool
+check_encoding_name (char *encoding)
+{
+  char *s = encoding;
+
+  while (*s)
+    {
+      if (!c_isascii(*s) || c_isspace(*s))
+        {
+          logprintf (LOG_VERBOSE, "Encoding %s isn't valid\n", quote(encoding));
+          return false;
+        }
+
+      s++;
+    }
+
+  return true;
+}
+
+