|
|
| version 1.98, 2002/02/28 15:40:40 | version 1.148, 2009/07/06 08:45:35 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: String class part: untaint mechanizm. | Parser: String class part: untaint mechanizm. |
| Copyright(c) 2001, 2002 ArtLebedev Group (http://www.artlebedev.com) | Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) |
| $Id$ | |
| */ | */ |
| #include "pa_pool.h" | static const char * const IDENT_UNTAINT_C="$Date$"; |
| #include "pa_string.h" | #include "pa_string.h" |
| #include "pa_hash.h" | #include "pa_hash.h" |
| #include "pa_exception.h" | #include "pa_exception.h" |
| #include "pa_table.h" | #include "pa_table.h" |
| #include "pa_globals.h" | #include "pa_globals.h" |
| #include "pa_sql_connection.h" | |
| #include "pa_dictionary.h" | #include "pa_dictionary.h" |
| #include "pa_common.h" | #include "pa_common.h" |
| #include "pa_charset.h" | #include "pa_charset.h" |
| #include "pa_request_charsets.h" | |
| #include "pa_sapi.h" | |
| //#define DEBUG_STRING_APPENDS_VS_EXPANDS | extern "C" { // author forgot to do that |
| #include "ec.h" | |
| } | |
| #ifdef DEBUG_STRING_APPENDS_VS_EXPANDS | #include "pa_sql_connection.h" |
| ulong string_string_shortcut_economy=0; | |
| #endif | |
| #define escape(action) \ | // defines |
| { \ | |
| const char *src=row->item.ptr; \ | #undef CORD_ec_append |
| for(int size=row->item.size; size--; src++) \ | // redefining to intercept flushes and implement whitespace optimization |
| action \ | // of all consequent white space chars leaving only first one |
| #define CORD_ec_append(x, c) \ | |
| { \ | |
| bool skip=false; \ | |
| if(optimize) switch(c) { \ | |
| case ' ': case '\n': case '\t': \ | |
| if(whitespace) \ | |
| skip=true; /*skipping subsequent*/ \ | |
| else \ | |
| whitespace=true; \ | |
| break; \ | |
| default: \ | |
| whitespace=false; \ | |
| break; \ | |
| } \ | |
| if(!skip) { \ | |
| if ((x)[0].ec_bufptr == (x)[0].ec_buf + CORD_BUFSZ) { \ | |
| CORD_ec_flush_buf(x); \ | |
| } \ | |
| *((x)[0].ec_bufptr)++ = (c); \ | |
| } \ | |
| } | |
| #define escape_fragment(action) \ | |
| for(; fragment_length--; CORD_next(info->pos)) { \ | |
| char c=CORD_pos_fetch(info->pos); \ | |
| action \ | |
| } | } |
| #define _default default: *dest++=*src; break | #define _default CORD_ec_append(info->result, c) |
| #define encode(need_encode_func, prefix) \ | #define encode(need_encode_func, prefix, otherwise) \ |
| if(need_encode_func(*src)) { \ | if(need_encode_func(c)) { \ |
| static const char *hex="0123456789ABCDEF"; \ | static const char* hex="0123456789ABCDEF"; \ |
| char chunk[3]={prefix}; \ | CORD_ec_append(info->result, prefix); \ |
| chunk[1]=hex[((unsigned char)*src)/0x10]; \ | CORD_ec_append(info->result, hex[((unsigned char)c)/0x10]); \ |
| chunk[2]=hex[((unsigned char)*src)%0x10]; \ | CORD_ec_append(info->result, hex[((unsigned char)c)%0x10]); \ |
| memcpy(dest, chunk, 3); dest+=3; \ | } else \ |
| } else \ | CORD_ec_append(info->result, otherwise); |
| *dest++=*src; \ | #define to_char(c) { CORD_ec_append(info->result, c); whitespace=false; } |
| break | #define to_string(s) { CORD_ec_append_cord(info->result, s); whitespace=false; } |
| #define to_char(c) *dest++=c | |
| #define to_string(b, bsize) \ | |
| memcpy(dest, b, bsize); \ | |
| dest+=bsize; \ | |
| inline bool need_file_encode(unsigned char c){ | inline bool need_file_encode(unsigned char c){ |
| // theoretical problem with, for instance, "_2B" and "." fragments, | // russian letters and space ENABLED |
| // they would yield the same | // encoding only these... |
| // because need_file_encode('_')=false | return strchr( |
| // but we need to delete such files somehow, getting names from ^index | "*?'\"<>|" |
| #ifndef WIN32 | |
| if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) | ":\\" |
| return false; | |
| return !strchr( | |
| " _./()-" | |
| #ifdef WIN32 | |
| ":\\~" | |
| #endif | #endif |
| , c); | , c)!=0; |
| } | } |
| inline bool need_uri_encode(unsigned char c){ | inline bool need_uri_encode(unsigned char c){ |
| if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) | if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) |
| return false; | return false; |
| return !strchr("_-./", c); | return !strchr("_-./", c); |
| } | } |
| inline bool need_http_header_encode(unsigned char c){ | inline bool need_http_header_encode(unsigned char c){ |
| if(strchr(" , :", c)) | if(strchr(" , :", c)) |
| return false; | return false; |
| return need_uri_encode(c); | return need_uri_encode(c); |
| } | } |
| // | inline bool need_regex_escape(unsigned char c){ |
| return strchr("\\^$.[]|()?*+{}-", c)!=0; | |
| static const char * String_Untaint_lang_name[]={ | } |
| "U", ///< zero value handy for hash lookup @see untaint_lang_name2enum | |
| "C", ///< clean | |
| "T", ///< tainted, untaint language as assigned later | |
| // untaint languages. assigned by ^untaint[lang]{...} | |
| "P", | |
| /**< | |
| leave language built into string being appended. | |
| just a flag, that value not stored | |
| */ | |
| "A", ///< leave all characters intact | |
| "F", ///< file specification | |
| "H", ///< ext in HTTP response header | |
| "M", ///< text in mail header | |
| "URI", ///< text in uri | |
| "T", ///< ^table:set body | |
| "SQL", ///< ^table:sql body | |
| "JS", ///< JavaScript code | |
| "XML", ///< ^dom:set xml | |
| "HTML" ///< HTML code (for editing) | |
| }; | |
| // String | // String |
| /* | /* |
| HTTP-header = field-name ":" [ field-value ] CRLF | HTTP-header = field-name ":" [ field-value ] CRLF |
| field-name = token | field-name = token |
| Line 137 quoted-pair = "\" CHAR | Line 135 quoted-pair = "\" CHAR |
| if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) | if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) |
| */ | */ |
| inline bool need_quote_http_header(const char *ptr, size_t size) { | inline bool need_quote_http_header(const char* ptr, size_t size) { |
| for(; size--; ptr++) | for(; size--; ptr++) |
| if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr)) | if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr)) |
| return true; | return true; |
| return false; | return false; |
| } | } |
| //#include "pa_sapi.h" | #ifndef DOXYGEN |
| struct Append_fragment_info { | |
| String::Language lang; | |
| String::Languages* dest_languages; | |
| size_t dest_body_plan_length; | |
| }; | |
| #endif | |
| int append_fragment_optimizing(char alang, size_t asize, Append_fragment_info* info) { | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // main idea here: | |
| // tainted piece would get OPTIMIZED bit from 'lang' | |
| // clean piece would be marked OPTIMIZED manually | |
| // pieces with determined languages [not tainted|clean] would retain theirs langs | |
| info->dest_languages->append(info->dest_body_plan_length, | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) // ORing with OPTIMIZED flag | |
| :lang, | |
| asize); | |
| info->dest_body_plan_length+=asize; | |
| return 0; // 0=continue | |
| } | |
| int append_fragment_nonoptimizing(char alang, size_t asize, Append_fragment_info* info) { | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // The core idea: tainted pieces got marked with context's lang | |
| info->dest_languages->append(info->dest_body_plan_length, | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang, | |
| asize); | |
| info->dest_body_plan_length+=asize; | |
| return 0; // 0=continue | |
| } | |
| /** | /** |
| appends other String, | appends to other String, |
| marking all tainted pieces of it with @a lang. | marking all tainted pieces of it with @a lang. |
| or marking ALL pieces of it with a @a lang when @a forced to, | or marking ALL pieces of it with a @a lang when @a forced to, |
| and propagating OPTIMIZE language bit. | and propagating OPTIMIZE language bit. |
| using architecture advantage: after string-to-string-append string never modified. | |
| algorithm: | |
| if no language-change specified and src not yet appended to some other string[last_chunk!=0] | |
| shrinking dest last_chunk[preparing it for linking], | |
| ///shrinking src last_chunk[preparing it to be linked, consequent dest.appends would go there], | |
| linking[dest.last_chunk = src.head] | |
| if some language-change specified or src already appended to some other string[last_chunk==0] | |
| cloning pieces. | |
| */ | */ |
| String& String::append(const String& src, uchar lang, bool forced) { | String& String::append_to(String& dest, Language ilang, bool forced) const { |
| if(!last_chunk) // growth stopped [we're appended as string to somebody] | if(is_empty()) |
| throw Exception(0, 0, | return dest; |
| this, | |
| "string growth stopped (append string)"); | |
| if(src.is_empty()) | |
| return *this; | |
| // without language-chage, not-appended-before, big[not fitting our tail] string? | |
| if(lang==UL_PASS_APPENDED | |
| && src.last_chunk | |
| && (uint(&last_chunk->rows[last_chunk->count]-append_here) < src.used_rows())) { | |
| #ifdef DEBUG_STRING_APPENDS_VS_EXPANDS | |
| string_string_shortcut_economy+=src.used_rows()*sizeof(String::Chunk::Row); | |
| #endif | |
| // using fact: | // first: fragment infos |
| // src.head.count initally equeals this.head.count and shrinks-only, | |
| // so can't be more than this.head.count, | if(ilang==L_PASS_APPENDED) // without language-change? |
| // which means that we know that | dest.langs.appendHelper(dest.body, langs, body); |
| // src.head would fit into this.head | else if(forced) //forcing passed lang? |
| if(is_empty()) { // our head is empty | dest.langs.appendHelper(dest.body, ilang, body); |
| // they have more than head? we need all head : we need only filled-part of head | else { |
| Chunk *src_head_link=src.head.rows[src.head.count].link; | if(langs.opt.is_not_just_lang){ |
| size_t head_count=src_head_link?src.head.count:(src.append_here-src.head.rows); | Append_fragment_info info={ilang, &dest.langs, dest.body.length()}; |
| // "your head is my head" | langs.for_each(body, ilang&L_OPTIMIZE_BIT? |
| memcpy(head.rows, src.head.rows, sizeof(Chunk::Row)*(head_count)); | append_fragment_optimizing |
| if(src_head_link) { | :append_fragment_nonoptimizing, &info); |
| // "your body is my body" | } else { |
| head.rows[head.count=head_count].link=src_head_link; | Language lang=langs.opt.lang; |
| // "your last_chunk is mine now" | // see append_fragment_* for explanation |
| last_chunk=src.last_chunk; | if(ilang&L_OPTIMIZE_BIT){ |
| // "your append_here is mine now" | dest.langs.appendHelper(dest.body, |
| append_here=src.append_here; | lang==String::L_TAINTED? |
| ilang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| body); | |
| } else { | } else { |
| // "your last_chunk is mine now" | dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body); |
| last_chunk=&head; | |
| // "your append_here is recalc-mine now" | |
| append_here=head.rows+head_count; | |
| } | } |
| } else { // our head contains something | |
| // "chopping off my tail-reserve" | |
| last_chunk->count=append_here-last_chunk->rows; | |
| // "you is my tail" | |
| append_here->link=&src.head; | |
| // "your last_chunk is mine now" | |
| last_chunk=src.last_chunk; | |
| // "your append_here is mine now" | |
| append_here=src.append_here; | |
| } | } |
| // stop-growing mark | |
| src.last_chunk=0; | |
| return *this; | |
| } | } |
| // manually unrolled code to avoid do{if(const)} constructs | // next: letters |
| if(forced) | dest.body<<body; |
| STRING_SRC_FOREACH_ROW( | |
| APPEND(row->item.ptr, row->item.size, | |
| lang, //forcing passed lang | |
| row->item.origin.file, row->item.origin.line); | |
| ) | |
| else if(lang==UL_PASS_APPENDED) | |
| STRING_SRC_FOREACH_ROW( | |
| APPEND(row->item.ptr, row->item.size, | |
| row->item.lang, // passing item's lang | |
| row->item.origin.file, row->item.origin.line); | |
| ) | |
| else if(lang&UL_OPTIMIZE_BIT) // main idea here | |
| // tainted piece would get OPTIMIZED bit from 'lang' | |
| // clean piece would be marked OPTIMIZED manually | |
| // pieces with determined languages [not tainted|clean] would retain theirs langs | |
| STRING_SRC_FOREACH_ROW( | |
| APPEND(row->item.ptr, row->item.size, | |
| row->item.lang==UL_TAINTED?lang:( | |
| row->item.lang==UL_CLEAN?UL_CLEAN|UL_OPTIMIZE_BIT: // ORing with OPTIMIZED flag | |
| row->item.lang | |
| ), | |
| row->item.origin.file, row->item.origin.line); | |
| ) | |
| else | |
| STRING_SRC_FOREACH_ROW( | |
| APPEND(row->item.ptr, row->item.size, | |
| row->item.lang==UL_TAINTED?lang:row->item.lang, | |
| row->item.origin.file, row->item.origin.line); | |
| ); | |
| /* | |
| for(Chunk::Row *row=last_chunk->rows; row<append_here; row++) | |
| if(row->link==(void*)0xcdcdcdcd) | |
| _asm int 3;*/ | |
| return *this; | |
| } | |
| size_t String::cstr_bufsize(Untaint_lang lang, | |
| SQL_Connection *connection, | |
| Charset *buf_charset) const { | |
| size_t dest=1; // for terminating 0 | |
| STRING_FOREACH_ROW( | |
| uchar to_lang=lang==UL_UNSPECIFIED?row->item.lang:lang; | |
| switch(to_lang & ~UL_OPTIMIZE_BIT) { | |
| case UL_CLEAN: | |
| case UL_TAINTED: | |
| case UL_AS_IS: | |
| // clean piece | |
| // tainted piece, but undefined untaint language | |
| // for VString.as_double of tainted values | |
| // for ^process{body} evaluation | |
| // tainted, untaint language: as-is | ASSERT_STRING_INVARIANT(dest); |
| dest+=row->item.size; | |
| break; | |
| case UL_FILE_SPEC: | |
| // tainted, untaint language: file [name] | |
| dest+=row->item.size*3/* worst: Z->%XX */; | |
| break; | |
| case UL_URI: | |
| // tainted, untaint language: uri | |
| dest+=row->item.size*6*3/* worst utf8 x worst Z->%XX */; | |
| break; | |
| case UL_HTTP_HEADER: | |
| // tainted, untaint language: http-field-content-text | |
| dest+=row->item.size*3/* worst: Z->%XX */; | |
| break; | |
| case UL_MAIL_HEADER: | |
| // tainted, untaint language: mail-header | |
| if(buf_charset) { | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | |
| dest+= | |
| row->item.size*3+ | |
| buf_charset->name().size()+MAX_STRING/* worst: =?charset?Q?=%XX?= */; | |
| } else | |
| dest+=row->item.size; | |
| break; | |
| case UL_TABLE: | |
| // tainted, untaint language: table | |
| dest+=row->item.size; | |
| break; | |
| case UL_SQL: | |
| // tainted, untaint language: sql | |
| if(connection) | |
| dest+=connection->quote(0, row->item.ptr, row->item.size); | |
| break; | |
| case UL_JS: | |
| escape(switch(*src) { | |
| case '"': case '\'': case '\n': case '\\': case '\xFF': | |
| dest+=2; break; | |
| default: | |
| dest++; break; | |
| }); | |
| break; | |
| case UL_XML: | |
| escape(switch(*src) { | |
| case '&': case '>': case '<': case '"': case '\'': | |
| dest+= 6; break; | |
| default: | |
| dest++; break; | |
| }); | |
| break; | |
| case UL_HTML: | |
| escape(switch(*src) { | |
| case '&': | |
| case '>': | |
| case '<': | |
| case '"': | |
| dest+=6; break; | |
| default: | |
| dest++; break; | |
| }); | |
| break; | |
| } | |
| ); | |
| return dest; | return dest; |
| } | } |
| char *String::store_to(char *dest, Untaint_lang lang, | /** http://www.ietf.org/rfc/rfc2047.txt |
| SQL_Connection *connection, | RFC |
| Charset *store_to_charset) const { | (3) As a replacement for a 'word' entity within a 'phrase', for example, |
| // WARNING: | one that precedes an address in a From, To, or Cc header. The ABNF |
| // before any changes check cstr_bufsize first!!! | definition for 'phrase' from RFC 822 thus becomes: |
| bool whitespace=true; | |
| STRING_FOREACH_ROW( | phrase = 1*( encoded-word / word ) |
| uchar to_lang=lang==UL_UNSPECIFIED?row->item.lang:lang; | |
| In this case the set of characters that may be used in a "Q"-encoded | |
| char *start=dest; | 'encoded-word' is restricted to: <upper and lower case ASCII |
| letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_" | |
| switch(to_lang & ~UL_OPTIMIZE_BIT) { | (underscore, ASCII 95.)>. An 'encoded-word' that appears within a |
| case UL_CLEAN: | 'phrase' MUST be separated from any adjacent 'word', 'text' or |
| case UL_TAINTED: | 'special' by 'linear-white-space'. |
| case UL_AS_IS: | ... |
| // clean piece | (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be |
| represented as "_" (underscore, ASCII 95.). (This character may | |
| // tainted piece, but undefined untaint language | not pass through some internetwork mail gateways, but its use |
| // for VString.as_double of tainted values | will greatly enhance readability of "Q" encoded data with mail |
| // for ^process{body} evaluation | readers that do not support this encoding.) Note that the "_" |
| always represents hexadecimal 20, even if the SPACE character | |
| // tainted, untaint language: as-is | occupies a different code position in the character set in use. |
| memcpy(dest, row->item.ptr, row->item.size); | |
| dest+=row->item.size; | paf: obviously, |
| without "=", or one could not differ "=E0" and "russian letter a" | |
| and without "_", or in would mean 0x20 | |
| */ | |
| inline bool mail_header_char_valid_within_Qencoded(char c) { | |
| return c>='A' && c<='Z' | |
| || c>='a' && c<='Z' | |
| || c>='0' && c<='9' | |
| || strchr("!*+-/", c); | |
| } | |
| inline bool addr_spec_soon(const char *src) { | |
| for(char c; (c=*src); src++) | |
| if(c=='<') | |
| return true; | |
| else if(!(c==' ' || c=='\t')) | |
| return false; | |
| return false; | |
| } | |
| /** | |
| RFC | |
| Upper case should be used for hexadecimal digits "A" through "F" | |
| The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) | |
| may be represented as "_" | |
| */ | |
| inline bool mail_header_nonspace_char(char c) { | |
| return c != 0x20; | |
| } | |
| inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) { | |
| while(size--) { | |
| CORD_ec_append(result, CORD_pos_fetch(pos)); | |
| CORD_next(pos); | |
| } | |
| } | |
| inline void pa_CORD_pos_advance(CORD_pos pos, size_t n) { | |
| while(true) { | |
| long avail=CORD_pos_chars_left(pos); | |
| if(avail<=0) { | |
| CORD_next(pos); | |
| if(!--n) | |
| break; | |
| } else if((size_t)avail<n) { | |
| CORD_pos_advance(pos, avail); | |
| n-=avail; | |
| } else { // avail>=n | |
| CORD_pos_advance(pos, n); | |
| break; | break; |
| case UL_FILE_SPEC: | } |
| // tainted, untaint language: file [name] | } |
| escape( | } |
| encode(need_file_encode, '_'); | |
| #ifndef DOXYGEN | |
| struct Cstr_to_string_body_block_info { | |
| // input | |
| String::Language lang; | |
| SQL_Connection* connection; | |
| const Request_charsets* charsets; | |
| const String::Body* body; | |
| // output | |
| CORD_ec result; | |
| // private | |
| CORD_pos pos; | |
| size_t fragment_begin; | |
| bool whitespace; | |
| const char* exception; | |
| }; | |
| #endif | |
| int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) { | |
| bool& whitespace=info->whitespace; | |
| size_t fragment_end=info->fragment_begin+fragment_length; | |
| //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr()); | |
| bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0; | |
| if(!optimize) | |
| whitespace=false; | |
| switch(to_lang & ~String::L_OPTIMIZE_BIT) { | |
| case String::L_CLEAN: | |
| case String::L_TAINTED: | |
| case String::L_AS_IS: | |
| // clean piece | |
| // tainted piece, but undefined untaint language | |
| // for VString.as_double of tainted values | |
| // for ^process{body} evaluation | |
| // tainted, untaint language: as-is | |
| ec_append(info->result, optimize, whitespace, info->pos, fragment_length); | |
| break; | |
| case String::L_FILE_SPEC: | |
| // tainted, untaint language: file [name] | |
| { | |
| bool is1251=(info->charsets && info->charsets->source().NAME()=="WINDOWS-1251"); | |
| escape_fragment( | |
| // Macintosh has problems with small Russian letter 'r' | |
| if( is1251 && c=='\xF0' ) { | |
| // fixing that letter for most common charset | |
| to_char('p'); | |
| } else // fallback to default | |
| encode(need_file_encode, '_', c); | |
| ); | ); |
| break; | } |
| case UL_URI: | break; |
| // tainted, untaint language: uri | case String::L_FILE_POST: |
| const void *client_ptr; | { |
| size_t client_size; | escape_fragment(switch(c) { |
| Charset::transcode(pool(), | case '\0': to_string("\\0"); break; |
| pool().get_source_charset(), row->item.ptr, row->item.size, | case '\\': to_string("\\\\"); break; |
| pool().get_client_charset(), client_ptr, client_size); | default: _default; break; |
| { | |
| const char *src=(const char *)client_ptr; | |
| for(int size=client_size; size--; src++) | |
| switch(*src) { | |
| case ' ': to_char('+'); break; | |
| default: encode(need_uri_encode, '%'); | |
| }; | |
| } | |
| break; | |
| case UL_HTTP_HEADER: | |
| // tainted, untaint language: http-field-content-text | |
| escape(switch(*src) { | |
| case ' ': to_char('+'); break; | |
| default: encode(need_uri_encode, '%'); | |
| }); | }); |
| break; | } |
| case UL_MAIL_HEADER: | break; |
| // tainted, untaint language: mail-header | case String::L_URI: |
| if(store_to_charset) { | // tainted, untaint language: uri |
| const void *mail_ptr; | { |
| size_t mail_size; | const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); |
| Charset::transcode(pool(), | // skip source [we use recoded version] |
| pool().get_source_charset(), row->item.ptr, row->item.size, | pa_CORD_pos_advance(info->pos, fragment_length); |
| *store_to_charset, mail_ptr, mail_size); | String::C output(fragment_str, fragment_length); |
| if(info->charsets) | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | output=Charset::transcode(output, |
| const char *src=(const char *)mail_ptr; | info->charsets->source(), |
| bool to_quoted_printable=false; | info->charsets->client()); |
| for(int size=mail_size; size--; src++) { | |
| if(*src & 0x80) { | char c; |
| if(!to_quoted_printable) { | for(const char* src=output.str; (c=*src++); ) |
| dest+=sprintf(dest, "=?%s?Q?", store_to_charset->name().cstr()); | encode(need_uri_encode, '%', c); |
| to_quoted_printable=true; | } |
| } | break; |
| dest+=sprintf(dest, "=%02X", *src & 0xFF); | case String::L_HTTP_HEADER: |
| } else { | // tainted, untaint language: http-field-content-text |
| *dest++=*src; | // the same as L_URI BUT not transcoded into $response:charset before encoding |
| escape_fragment( | |
| encode(need_uri_encode, '%', c); | |
| ); | |
| break; | |
| case String::L_MAIL_HEADER: | |
| // tainted, untaint language: mail-header | |
| // http://www.ietf.org/rfc/rfc2047.txt | |
| if(info->charsets) { | |
| size_t mail_size; | |
| const char *mail_ptr= | |
| info->body->mid(info->fragment_begin, mail_size=fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, mail_size); | |
| const char* charset_name=info->charsets->mail().NAME().cstr(); | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | |
| bool to_quoted_printable=false; | |
| bool email=false; | |
| uchar c; | |
| for(const char* src=mail_ptr; (c=(uchar)*src++); ) { | |
| if(c=='\r' || c=='\n') | |
| c=' '; | |
| if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) { | |
| email=c=='<'; | |
| to_string("?="); | |
| to_quoted_printable=false; | |
| } | |
| //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'. | |
| if(!email && ( | |
| !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char | |
| || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c) | |
| )) { | |
| if(!to_quoted_printable) { | |
| to_string("=?"); | |
| to_string(charset_name); | |
| to_string("?Q?"); | |
| to_quoted_printable=true; | |
| } | } |
| encode(mail_header_nonspace_char, '=', '_'); | |
| } else | |
| to_char(c); | |
| if(c=='>') | |
| email=false; | |
| } | |
| if(to_quoted_printable) // close | |
| to_string("?="); | |
| } else | |
| ec_append(info->result, optimize, whitespace, info->pos, fragment_length); | |
| break; | |
| case String::L_SQL: | |
| // tainted, untaint language: sql | |
| if(info->connection) { | |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| to_string(info->connection->quote(fragment_str, fragment_length)); | |
| } else { | |
| info->exception="untaint in SQL language failed - no connection specified"; | |
| info->fragment_begin=fragment_end; | |
| return 1; // stop processing. can't throw exception here | |
| } | |
| break; | |
| case String::L_JS: | |
| escape_fragment(switch(c) { | |
| case '\n': to_string("\\n"); break; | |
| case '"': to_string("\\\""); break; | |
| case '\'': to_string("\\'"); break; | |
| case '\\': to_string("\\\\"); break; | |
| case '\xFF': to_string("\\\xFF"); break; | |
| case '\r': to_string("\\r"); break; | |
| default: _default; break; | |
| }); | |
| break; | |
| case String::L_XML: | |
| // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] | |
| escape_fragment(switch(c) { | |
| case '\x20': | |
| case '\x9': | |
| case '\xA': | |
| case '\xD': // this is usually removed on input | |
| _default; | |
| break; | |
| case '&': to_string("&"); break; | |
| case '>': to_string(">"); break; | |
| case '<': to_string("<"); break; | |
| case '"': to_string("""); break; | |
| case '\'': to_string("'"); break; | |
| default: | |
| if(((unsigned char)c)<0x20) { | |
| // fixing it, so that libxml would not result | |
| // in fatal error parsing text | |
| // though it really violates standard. | |
| // to indicate there were an error | |
| // replace bad char not to it's code, | |
| // which we can do, | |
| // but rather to '!' to show that input were actually | |
| // invalid. | |
| // life: shows that MSIE can somehow garble form values | |
| // so that they contain these chars. | |
| to_char('!'); | |
| } else { | |
| _default; | |
| } | } |
| if(to_quoted_printable) // close | break; |
| dest+=sprintf(dest, "?="); | }); |
| break; | |
| case String::L_HTML: | |
| escape_fragment(switch(c) { | |
| case '&': to_string("&"); break; | |
| case '>': to_string(">"); break; | |
| case '<': to_string("<"); break; | |
| case '"': to_string("""); break; | |
| default: _default; break; | |
| }); | |
| break; | |
| case String::L_REGEX: | |
| // tainted, untaint language: regex | |
| escape_fragment( | |
| if(need_regex_escape(c)) | |
| to_char('\\') | |
| _default; | |
| ); | |
| break; | |
| case String::L_HTTP_COOKIE: | |
| // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8) | |
| { | |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| String::C output(fragment_str, fragment_length); | |
| } else { | output=Charset::escape(output, info->charsets->source()); |
| memcpy(dest, row->item.ptr, row->item.size); | //throw Exception(0, 0, output); |
| dest+=row->item.size; | to_string(output); |
| } | |
| break; | |
| case UL_TABLE: | |
| // tainted, untaint language: table | |
| escape(switch(*src) { | |
| case '\t': to_char(' '); break; | |
| case '\n': to_char(' '); break; | |
| _default; | |
| }); | |
| break; | |
| case UL_SQL: | |
| // tainted, untaint language: sql | |
| if(connection) | |
| dest+=connection->quote(dest, row->item.ptr, row->item.size); | |
| else | |
| throw Exception(0, 0, | |
| this, | |
| "untaint in SQL language failed - no connection specified"); | |
| break; | |
| case UL_JS: | |
| escape(switch(*src) { | |
| case '"': to_string("\\\"", 2); break; | |
| case '\'': to_string("\\'", 2); break; | |
| case '\n': to_string("\\n", 2); break; | |
| case '\\': to_string("\\\\", 2); break; | |
| case '\xFF': to_string("\\\xFF", 2); break; | |
| _default; | |
| }); | |
| break; | |
| case UL_XML: | |
| escape(switch(*src) { | |
| case '&': to_string("&", 5); break; | |
| case '>': to_string(">", 4); break; | |
| case '<': to_string("<", 4); break; | |
| case '"': to_string(""", 6); break; | |
| case '\'': to_string("'", 6); break; | |
| _default; | |
| }); | |
| break; | |
| case UL_HTML: | |
| escape(switch(*src) { | |
| case '&': to_string("&", 5); break; | |
| case '>': to_string(">", 4); break; | |
| case '<': to_string("<", 4); break; | |
| case '"': to_string(""", 6); break; | |
| _default; | |
| }); | |
| break; | |
| default: | |
| throw Exception(0, 0, | |
| this, | |
| "unknown untaint language #%d", | |
| static_cast<int>(row->item.lang)); // sould never | |
| break; // never | |
| } | } |
| break; | |
| default: | |
| SAPI::abort("unknown untaint language #%d", | |
| static_cast<int>(to_lang)); // should never | |
| break; // never | |
| } | |
| if(to_lang & UL_OPTIMIZE_BIT) { | info->fragment_begin=fragment_end; |
| // optimizing whitespace | |
| char *stop=dest; dest=start; | |
| for(char *src=start; src<stop; src++) | |
| switch(*src) { | |
| // of all consequent white space chars leaving only first one | |
| case ' ': case '\r': case '\n': case '\t': | |
| if(!whitespace) { | |
| *dest++=*src; | |
| whitespace=true; | |
| } | |
| break; | |
| default: | |
| whitespace=false; | |
| *dest++=*src; | |
| break; | |
| }; | |
| } else // piece without optimization | |
| whitespace=false; | |
| ); | |
| return dest; | return 0; // 0=continue |
| } | } |
| char *String::cstr_debug_origins() const { | |
| //_asm int 3; | |
| char *result=(char *)malloc(size()+used_rows()*MAX_STRING*2); | |
| char *dest=result; | |
| STRING_FOREACH_ROW( | |
| IFNDEF_NO_STRING_ORIGIN( | |
| if(row->item.origin.file) | |
| dest+=sprintf(dest, ORIGIN_FILE_LINE_FORMAT, | |
| row->item.origin.file, | |
| 1+row->item.origin.line); | |
| else | |
| dest+=sprintf(dest, "<unknown>"); | |
| ); | |
| uchar show_lang=row->item.lang & ~UL_OPTIMIZE_BIT; | |
| if(show_lang>=sizeof(String_Untaint_lang_name)/sizeof(String_Untaint_lang_name[0])) | |
| throw Exception(0, 0, | |
| this, | |
| "unknown untaint language #%d", | |
| static_cast<int>(show_lang)); // sould never | |
| dest+=sprintf(dest, "#%s%s: ", | |
| String_Untaint_lang_name[show_lang], | |
| row->item.lang & UL_OPTIMIZE_BIT?".O":""); | |
| char *dest_after_origins=dest; | |
| memcpy(dest, row->item.ptr, row->item.size); | |
| dest+=row->item.size; | |
| remove_crlf(dest_after_origins, dest); | |
| to_char('\n'); | |
| ); | |
| *dest=0; | int cstr_to_string_body_block_default(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ |
| return result; | return cstr_to_string_body_block(info->lang==String::L_UNSPECIFIED ? (String::Language)(unsigned char)alang : info->lang, fragment_length, info); |
| } | |
| String::Body String::cstr_to_string_body(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| langs.for_each(body, cstr_to_string_body_block_default, &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| cstr_to_string_body_block(lang, length(), &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // see append_fragment_* for explanation | |
| if(info->lang&String::L_OPTIMIZE_BIT) | |
| return cstr_to_string_body_block( | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| fragment_length, info); | |
| else | |
| return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info); | |
| } | |
| String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| langs.for_each(body, cstr_to_string_body_block_untaint, &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | } |