WUtil: Fixed risky code for de-escaping of strings

The internal function 'unescapestr' is used to transform strings which
may contain escape sequences (\x) into their plain representation.

There are a few cases where the function can misbehave (typically parse
after the end of string, thus writing past the end of the reserved
result area) which can be a source of problem later. The new code
should be safer.

WINGs/proplist.c

@@ -508,16 +508,33 @@ static char *unescapestr(const char *src)
 	char *dPtr;
 	char ch;
 
-	for (dPtr = dest; *src; src++, dPtr++) {
+	for (dPtr = dest; ; dPtr++) {
-		if (*src != '\\') {
+		ch = *src++;
-			*dPtr = *src;
+		if (ch == '\0')
-		} else {
+			break;
-			ch = *(++src);
+		else if (ch != '\\')
-			if ((ch >= '0') && (ch <= '3')) {
+			*dPtr = ch;
-				/* assume next 2 chars are octal too */
+		else {
-				*dPtr = ((ch & 07) << 6);
+			ch = *(src++);
-				*dPtr |= ((*(++src) & 07) << 3);
+			if (ch == '\0') {
-				*dPtr |= *(++src) & 07;
+				*dPtr = '\\';
+				break;
+			} else if ((ch >= '0') && (ch <= '7')) {
+				char wch;
+
+				/* Convert octal number to character */
+				wch = (ch & 07);
+				ch = *src;
+				if ((ch >= '0') && (ch <= '7')) {
+					src++;
+					wch = (wch << 3) | (ch & 07);
+					ch = *src;
+					if ((ch >= '0') && (ch <= '7')) {
+						src++;
+						wch = (wch << 3) | (ch & 07);
+					}
+				}
+				*dPtr = wch;
 			} else {
 				switch (ch) {
 				case 'a':
@@ -542,7 +559,7 @@ static char *unescapestr(const char *src)
 					*dPtr = '\f';
 					break;
 				default:
-					*dPtr = *src;
+					*dPtr = ch;
 				}
 			}
 		}