|
|
| version 1.128, 2004/02/06 09:40:28 | version 1.149, 2009/07/07 05:48:05 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: String class part: untaint mechanizm. | Parser: String class part: untaint mechanizm. |
| Copyright(c) 2001-2003 ArtLebedev Group (http://www.artlebedev.com) | Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) |
| */ | */ |
| Line 34 extern "C" { // author forgot to do that | Line 34 extern "C" { // author forgot to do that |
| { \ | { \ |
| bool skip=false; \ | bool skip=false; \ |
| if(optimize) switch(c) { \ | if(optimize) switch(c) { \ |
| case ' ': case '\r': case '\n': case '\t': \ | case ' ': case '\n': case '\t': \ |
| if(whitespace) \ | if(whitespace) \ |
| skip=true; /*skipping subsequent*/ \ | skip=true; /*skipping subsequent*/ \ |
| else \ | else \ |
| Line 53 extern "C" { // author forgot to do that | Line 53 extern "C" { // author forgot to do that |
| } | } |
| #define escape(action) \ | #define escape_fragment(action) \ |
| for(; fragment_length--; CORD_next(info->pos)) { \ | for(; fragment_length--; CORD_next(info->pos)) { \ |
| char c=CORD_pos_fetch(info->pos); \ | char c=CORD_pos_fetch(info->pos); \ |
| action \ | action \ |
| } | } |
| #define _default default: CORD_ec_append(info->result, c); break | #define _default CORD_ec_append(info->result, c) |
| #define encode(need_encode_func, prefix, otherwise) \ | #define encode(need_encode_func, prefix, otherwise) \ |
| if(need_encode_func(c)) { \ | if(need_encode_func(c)) { \ |
| static const char* hex="0123456789ABCDEF"; \ | static const char* hex="0123456789ABCDEF"; \ |
| Line 74 inline bool need_file_encode(unsigned ch | Line 74 inline bool need_file_encode(unsigned ch |
| // russian letters and space ENABLED | // russian letters and space ENABLED |
| // encoding only these... | // encoding only these... |
| return strchr( | return strchr( |
| "*?'\"<>|" | "*?'\"<>|" |
| #ifndef WIN32 | #ifndef WIN32 |
| ":\\" | ":\\" |
| #endif | #endif |
| , c)!=0; | , c)!=0; |
| } | } |
| inline bool need_uri_encode(unsigned char c){ | inline bool need_uri_encode(unsigned char c){ |
| if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) | if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) |
| return false; | return false; |
| return !strchr("_-./", c); | return !strchr("_-./", c); |
| } | } |
| inline bool need_http_header_encode(unsigned char c){ | inline bool need_http_header_encode(unsigned char c){ |
| if(strchr(" , :", c)) | if(strchr(" , :", c)) |
| return false; | return false; |
| return need_uri_encode(c); | return need_uri_encode(c); |
| } | } |
| inline bool need_regex_escape(unsigned char c){ | |
| return strchr("\\^$.[]|()?*+{}-", c)!=0; | |
| } | |
| // String | // String |
| /* | /* |
| Line 179 int append_fragment_nonoptimizing(char a | Line 185 int append_fragment_nonoptimizing(char a |
| or marking ALL pieces of it with a @a lang when @a forced to, | or marking ALL pieces of it with a @a lang when @a forced to, |
| and propagating OPTIMIZE language bit. | and propagating OPTIMIZE language bit. |
| */ | */ |
| String& String::append_to(String& dest, Language lang, bool forced) const { | String& String::append_to(String& dest, Language ilang, bool forced) const { |
| if(is_empty()) | if(is_empty()) |
| return dest; | return dest; |
| // first: fragment infos | // first: fragment infos |
| if(lang==L_PASS_APPENDED) // without language-change? | if(ilang==L_PASS_APPENDED) // without language-change? |
| dest.langs.append(dest.body, body.length(), langs); | dest.langs.appendHelper(dest.body, langs, body); |
| else if(forced) //forcing passed lang? | else if(forced) //forcing passed lang? |
| dest.langs.append(dest.body, lang, length()); | dest.langs.appendHelper(dest.body, ilang, body); |
| else { | else { |
| Append_fragment_info info={lang, &dest.langs, dest.body.length()}; | if(langs.opt.is_not_just_lang){ |
| langs.for_each(body, lang&L_OPTIMIZE_BIT? | Append_fragment_info info={ilang, &dest.langs, dest.body.length()}; |
| append_fragment_optimizing | langs.for_each(body, ilang&L_OPTIMIZE_BIT? |
| :append_fragment_nonoptimizing, &info); | append_fragment_optimizing |
| :append_fragment_nonoptimizing, &info); | |
| } else { | |
| Language lang=langs.opt.lang; | |
| // see append_fragment_* for explanation | |
| if(ilang&L_OPTIMIZE_BIT){ | |
| dest.langs.appendHelper(dest.body, | |
| lang==String::L_TAINTED? | |
| ilang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| body); | |
| } else { | |
| dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body); | |
| } | |
| } | |
| } | } |
| // next: letters | // next: letters |
| Line 292 struct Cstr_to_string_body_block_info { | Line 314 struct Cstr_to_string_body_block_info { |
| CORD_pos pos; | CORD_pos pos; |
| size_t fragment_begin; | size_t fragment_begin; |
| bool whitespace; | bool whitespace; |
| const char* exception; | |
| }; | }; |
| #endif | #endif |
| int cstr_to_string_body_block(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info) { | int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) { |
| const String::Language fragment_lang=(String::Language)(unsigned char)alang; | |
| bool& whitespace=info->whitespace; | bool& whitespace=info->whitespace; |
| size_t fragment_end=info->fragment_begin+fragment_length; | size_t fragment_end=info->fragment_begin+fragment_length; |
| //fprintf(stderr, "%d, %d\n", fragment.lang, fragment.length); | //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr()); |
| String::Language to_lang=info->lang==String::L_UNSPECIFIED?fragment_lang:info->lang; | |
| bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0; | bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0; |
| if(!optimize) | if(!optimize) |
| whitespace=false; | whitespace=false; |
| Line 321 int cstr_to_string_body_block(char alang | Line 341 int cstr_to_string_body_block(char alang |
| break; | break; |
| case String::L_FILE_SPEC: | case String::L_FILE_SPEC: |
| // tainted, untaint language: file [name] | // tainted, untaint language: file [name] |
| escape( | { |
| // Macintosh has problems with small Russian letter 'r' | bool is1251=(info->charsets && info->charsets->source().NAME()=="WINDOWS-1251"); |
| if( c=='\xF0' && info->charsets && info->charsets->source().NAME()=="WINDOWS-1251" ) { | escape_fragment( |
| // fixing that letter for most common charset | // Macintosh has problems with small Russian letter 'r' |
| to_char('p'); | if( is1251 && c=='\xF0' ) { |
| } else // fallback to default | // fixing that letter for most common charset |
| encode(need_file_encode, '_', c); | to_char('p'); |
| ); | } else // fallback to default |
| encode(need_file_encode, '_', c); | |
| ); | |
| } | |
| break; | |
| case String::L_FILE_POST: | |
| { | |
| escape_fragment(switch(c) { | |
| case '\0': to_string("\\0"); break; | |
| case '\\': to_string("\\\\"); break; | |
| default: _default; break; | |
| }); | |
| } | |
| break; | break; |
| case String::L_URI: | case String::L_URI: |
| // tainted, untaint language: uri | // tainted, untaint language: uri |
| Line 349 int cstr_to_string_body_block(char alang | Line 381 int cstr_to_string_body_block(char alang |
| break; | break; |
| case String::L_HTTP_HEADER: | case String::L_HTTP_HEADER: |
| // tainted, untaint language: http-field-content-text | // tainted, untaint language: http-field-content-text |
| escape( | // the same as L_URI BUT not transcoded into $response:charset before encoding |
| escape_fragment( | |
| encode(need_uri_encode, '%', c); | encode(need_uri_encode, '%', c); |
| ); | ); |
| break; | break; |
| Line 371 int cstr_to_string_body_block(char alang | Line 404 int cstr_to_string_body_block(char alang |
| bool email=false; | bool email=false; |
| uchar c; | uchar c; |
| for(const char* src=mail_ptr; (c=(uchar)*src++); ) { | for(const char* src=mail_ptr; (c=(uchar)*src++); ) { |
| //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'. | if(c=='\r' || c=='\n') |
| if(to_quoted_printable && (c==',' || addr_spec_soon(src) || c == '"')) { | c=' '; |
| if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) { | |
| email=c=='<'; | email=c=='<'; |
| to_string("?="); | to_string("?="); |
| to_quoted_printable=false; | to_quoted_printable=false; |
| } | } |
| //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'. | |
| if(!email && ( | if(!email && ( |
| !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char | !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char |
| || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c) | || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c) |
| Line 399 int cstr_to_string_body_block(char alang | Line 434 int cstr_to_string_body_block(char alang |
| } else | } else |
| ec_append(info->result, optimize, whitespace, info->pos, fragment_length); | ec_append(info->result, optimize, whitespace, info->pos, fragment_length); |
| break; | break; |
| case String::L_TABLE: | |
| // tainted, untaint language: table | |
| escape(switch(c) { | |
| case '\t': to_char(' '); break; | |
| case '\n': to_char(' '); break; | |
| _default; | |
| }); | |
| break; | |
| case String::L_SQL: | case String::L_SQL: |
| // tainted, untaint language: sql | // tainted, untaint language: sql |
| if(info->connection) { | if(info->connection) { |
| Line 415 int cstr_to_string_body_block(char alang | Line 442 int cstr_to_string_body_block(char alang |
| pa_CORD_pos_advance(info->pos, fragment_length); | pa_CORD_pos_advance(info->pos, fragment_length); |
| to_string(info->connection->quote(fragment_str, fragment_length)); | to_string(info->connection->quote(fragment_str, fragment_length)); |
| } else | } else { |
| throw Exception(0, | info->exception="untaint in SQL language failed - no connection specified"; |
| 0, | info->fragment_begin=fragment_end; |
| "untaint in SQL language failed - no connection specified"); | return 1; // stop processing. can't throw exception here |
| } | |
| break; | break; |
| case String::L_JS: | case String::L_JS: |
| escape(switch(c) { | escape_fragment(switch(c) { |
| case '\n': to_string("\\n"); break; | |
| case '"': to_string("\\\""); break; | case '"': to_string("\\\""); break; |
| case '\'': to_string("\\'"); break; | case '\'': to_string("\\'"); break; |
| case '\n': to_string("\\n"); break; | |
| case '\\': to_string("\\\\"); break; | case '\\': to_string("\\\\"); break; |
| case '\xFF': to_string("\\\xFF"); break; | case '\xFF': to_string("\\\xFF"); break; |
| _default; | case '\r': to_string("\\r"); break; |
| default: _default; break; | |
| }); | }); |
| break; | break; |
| case String::L_XML: | case String::L_XML: |
| escape(switch(c) { | // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] |
| escape_fragment(switch(c) { | |
| case '\x20': | |
| case '\x9': | |
| case '\xA': | |
| case '\xD': // this is usually removed on input | |
| _default; | |
| break; | |
| case '&': to_string("&"); break; | case '&': to_string("&"); break; |
| case '>': to_string(">"); break; | case '>': to_string(">"); break; |
| case '<': to_string("<"); break; | case '<': to_string("<"); break; |
| case '"': to_string("""); break; | case '"': to_string("""); break; |
| case '\'': to_string("'"); break; | case '\'': to_string("'"); break; |
| _default; | default: |
| if(((unsigned char)c)<0x20) { | |
| // fixing it, so that libxml would not result | |
| // in fatal error parsing text | |
| // though it really violates standard. | |
| // to indicate there were an error | |
| // replace bad char not to it's code, | |
| // which we can do, | |
| // but rather to '!' to show that input were actually | |
| // invalid. | |
| // life: shows that MSIE can somehow garble form values | |
| // so that they contain these chars. | |
| to_char('!'); | |
| } else { | |
| _default; | |
| } | |
| break; | |
| }); | }); |
| break; | break; |
| case String::L_HTML: | case String::L_HTML: |
| escape(switch(c) { | escape_fragment(switch(c) { |
| case '&': to_string("&"); break; | case '&': to_string("&"); break; |
| case '>': to_string(">"); break; | case '>': to_string(">"); break; |
| case '<': to_string("<"); break; | case '<': to_string("<"); break; |
| case '"': to_string("""); break; | case '"': to_string("""); break; |
| _default; | default: _default; break; |
| }); | }); |
| break; | break; |
| case String::L_REGEX: | |
| // tainted, untaint language: regex | |
| escape_fragment( | |
| if(need_regex_escape(c)) | |
| to_char('\\') | |
| _default; | |
| ); | |
| break; | |
| case String::L_HTTP_COOKIE: | |
| // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8) | |
| { | |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| String::C output(fragment_str, fragment_length); | |
| output=Charset::escape(output, info->charsets->source()); | |
| //throw Exception(0, 0, output); | |
| to_string(output); | |
| } | |
| break; | |
| default: | default: |
| SAPI::abort("unknown untaint language #%d", | SAPI::abort("unknown untaint language #%d", |
| static_cast<int>(to_lang)); // should never | static_cast<int>(to_lang)); // should never |
| Line 461 int cstr_to_string_body_block(char alang | Line 535 int cstr_to_string_body_block(char alang |
| } | } |
| String::Body String::cstr_to_string_body(Language lang, | String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { |
| SQL_Connection* connection, | if(is_empty()) |
| const Request_charsets *charsets) const { | return String::Body(); |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| cstr_to_string_body_block(lang, length(), &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // see append_fragment_* for explanation | |
| if(info->lang&String::L_OPTIMIZE_BIT) | |
| return cstr_to_string_body_block( | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| fragment_length, info); | |
| else | |
| return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info); | |
| } | |
| String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | Cstr_to_string_body_block_info info; |
| // input | // input |
| Line 476 String::Body String::cstr_to_string_body | Line 593 String::Body String::cstr_to_string_body |
| // private | // private |
| body.set_pos(info.pos, 0); | body.set_pos(info.pos, 0); |
| info.fragment_begin=0; | info.fragment_begin=0; |
| info.exception=0; | |
| info.whitespace=true; | info.whitespace=true; |
| if(!is_empty()) | langs.for_each(body, cstr_to_string_body_block_untaint, &info); |
| langs.for_each(body, cstr_to_string_body_block, &info); | if(info.exception) |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | return String::Body(CORD_ec_to_cord(info.result)); |
| } | } |