--- parser3/src/main/untaint.C 2001/04/04 10:50:36 1.32 +++ parser3/src/main/untaint.C 2001/07/09 16:51:54 1.54 @@ -4,11 +4,8 @@ Copyright(c) 2001 ArtLebedev Group(http://www.artlebedev.com) Author: Alexander Petrosyan (http://design.ru/paf) - - $Id: untaint.C,v 1.32 2001/04/04 10:50:36 paf Exp $ */ - -#include "pa_config_includes.h" +static const char *RCSId="$Id: untaint.C,v 1.54 2001/07/09 16:51:54 parser Exp $"; #include "pa_pool.h" #include "pa_string.h" @@ -16,6 +13,7 @@ #include "pa_exception.h" #include "pa_table.h" #include "pa_globals.h" +#include "pa_sql_connection.h" #define escape(action) \ { \ @@ -46,9 +44,9 @@ inline bool need_file_encode(unsigned ch return !strchr( #ifdef WIN32 - ":\\" + ":\\~" #endif - "./", c); + "./()_-", c); } inline bool need_uri_encode(unsigned char c){ if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) @@ -56,7 +54,7 @@ inline bool need_uri_encode(unsigned cha return !strchr("_-./", c); } -inline bool need_header_encode(unsigned char c){ +inline bool need_http_header_encode(unsigned char c){ if(strchr(" , :", c)) return false; @@ -76,15 +74,64 @@ static bool typo_present(Array::Item *va partial==1; // typo left column starts 'src' } -/** - @test optimize whitespaces for all but 'html' - @todo fix theoretical \n mem overrun in TYPO replacements +/* + +HTTP-header = field-name ":" [ field-value ] CRLF + + field-name = token + field-value = *( field-content | LWS ) + + field-content = + + + +word = token | quoted-string + +token = 1* + + + +tspecials = "(" | ")" | "<" | ">" | "@" + | "," | ";" | ":" | "\" | <"> + | "/" | "[" | "]" | "?" | "=" + | "{" | "}" | SP | HT + +SP = +HT = + +LWS = [CRLF] 1*( SP | HT ) +TEXT = + +quoted-pair = "\" CHAR + + if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) */ -char *String::store_to(char *dest, Untaint_lang lang) const { +inline bool need_quote_http_header(const char *ptr, size_t size) { + for(; size--; ptr++) + if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr)) + return true; + return false; +} + +/// @todo maybe additional check "are all pieces are clean?" would be profitable? +size_t String::cstr_bufsize(Untaint_lang lang) const { + return (lang==UL_AS_IS?size():size()*UNTAINT_TIMES_BIGGER) +1; +} + +/** @todo fix theoretical \n mem overrun in TYPO replacements +@todo rename base_64 to quoted_printable [invalid name now] +*/ +char *String::store_to(char *dest, Untaint_lang lang, + SQL_Connection *connection, + const char *charset) const { // $MAIN:html-typo table Table *user_typo_table=static_cast(pool().tag()); Table *typo_table=user_typo_table?user_typo_table:default_typo_table; + bool whitespace=true; const Chunk *chunk=&head; do { const Chunk::Row *row=chunk->rows; @@ -94,9 +141,26 @@ char *String::store_to(char *dest, Untai // WARNING: // string can grow only UNTAINT_TIMES_BIGGER - switch(lang==UL_UNKNOWN?row->item.lang:lang) { + switch(lang==UL_UNSPECIFIED?row->item.lang:lang) { case UL_CLEAN: // clean piece + { // optimizing whitespace + const char *src=row->item.ptr; + for(int size=row->item.size; size--; src++) + switch(*src) { + case ' ': case '\n': case '\r': case '\t': + if(!whitespace) { + *dest++=*src; + whitespace=true; + } + break; + default: + whitespace=false; + *dest++=*src; + break; + } + } + break; case UL_TAINTED: // tainted piece, but undefined untaint language // for VString.as_double of tainted values @@ -110,7 +174,7 @@ char *String::store_to(char *dest, Untai // tainted, untaint language: file [name] escape(switch(*src) { case ' ': to_char('_'); break; - encode(need_file_encode, '-'); + encode(need_file_encode, '+'); }); break; case UL_URI: @@ -120,11 +184,43 @@ char *String::store_to(char *dest, Untai encode(need_uri_encode, '%'); }); break; - case UL_HEADER: - // tainted, untaint language: header - escape(switch(*src) { - encode(need_header_encode, '%'); - }); + case UL_HTTP_HEADER: + // tainted, untaint language: http-header + if(need_quote_http_header(row->item.ptr, row->item.size)) { + *dest++='\"'; + escape(switch(*src) { + case '\"': to_string("\\\"", 2); break; + _default; + }); + *dest++='\"'; + } else { + memcpy(dest, row->item.ptr, row->item.size); + dest+=row->item.size; + } + break; + case UL_MAIL_HEADER: + // tainted, untaint language: mail-header + if(charset) { + // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= + const char *src=row->item.ptr; + bool to_base_64=false; + for(int size=row->item.size; size--; src++) { + if(*src & 0x80) { + if(!to_base_64) { + dest+=sprintf(dest, "=?%.15s?Q?", charset); + to_base_64=true; + } + dest+=sprintf(dest, "=%02X", *src & 0xFF); + } else { + *dest++=*src; + } + } + if(to_base_64) // close + dest+=sprintf(dest, "?="); + } else { + memcpy(dest, row->item.ptr, row->item.size); + dest+=row->item.size; + } break; case UL_TABLE: // tainted, untaint language: table @@ -136,9 +232,12 @@ char *String::store_to(char *dest, Untai break; case UL_SQL: // tainted, untaint language: sql - // TODO: зависимость от sql сервера - memset(dest, '?', row->item.size); - dest+=row->item.size; + if(connection) + dest+=connection->quote(dest, row->item.ptr, row->item.size); + else + THROW(0, 0, + this, + "untaint in SQL language failed - no connection specified"); break; case UL_JS: escape(switch(*src) { @@ -160,9 +259,10 @@ char *String::store_to(char *dest, Untai _default; }); break; - case UL_HTML_TYPO: { + case UL_USER_HTML: { // tainted, untaint language: html-typo - char *html_for_typo=(char *)malloc(size()*2/* '\n' -> '\' 'n' */+1); + char *html_for_typo= + (char *)malloc(row->item.size*2/* '\n' -> '\' 'n' */+1); // note: // there still is a possibility that user // would not replace \n as she supposed to @@ -215,9 +315,9 @@ char *String::store_to(char *dest, Untai &b, "is %g times longer then '%s', " "while maximum, handled by Parser, is %d", - ((double)b.size())/a.size(), - a.cstr(), - UNTAINT_TIMES_BIGGER); + ((double)b.size())/a.size(), + a.cstr(), + UNTAINT_TIMES_BIGGER); } // skip 'a' in 'src' @@ -235,8 +335,12 @@ char *String::store_to(char *dest, Untai this, "unknown untaint language #%d of %d piece", static_cast(row->item.lang), - i); + i); // never + break; // never } + + if((lang==UL_UNSPECIFIED?row->item.lang:lang)!=UL_CLEAN) + whitespace=false; } chunk=row->link; } while(chunk);