![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to untaint.C CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [parser3project] / parser3 / src / main|
Return to untaint.C CVS log | Up to [parser3project] / parser3 / src / main |
1.7 paf 1: /** @file
1.8 paf 2: Parser: String class part: untaint mechanizm.
3:
1.115 paf 4: Copyright(c) 2001, 2003 ArtLebedev Group (http://www.artlebedev.com)
1.89 paf 5: Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
1.103 paf 6: */
1.8 paf 7:
1.115.2.3! paf 8: static const char* IDENT_UNTAINT_C="$Date: 2003/01/28 15:16:50 $";
1.1 paf 9:
10: #include "pa_pool.h"
11: #include "pa_string.h"
12: #include "pa_hash.h"
13: #include "pa_exception.h"
1.13 paf 14: #include "pa_table.h"
1.32 paf 15: #include "pa_globals.h"
1.34 paf 16: #include "pa_sql_connection.h"
1.58 parser 17: #include "pa_dictionary.h"
1.66 parser 18: #include "pa_common.h"
1.85 paf 19: #include "pa_charset.h"
1.1 paf 20:
1.18 paf 21: #define escape(action) \
1.1 paf 22: { \
1.115.2.1 paf 23: const char *src=fragment->ptr; \
24: for(int size=fragment->size; size--; src++) \
1.18 paf 25: action \
1.1 paf 26: }
1.13 paf 27: #define _default default: *dest++=*src; break
28: #define encode(need_encode_func, prefix) \
29: if(need_encode_func(*src)) { \
1.5 paf 30: static const char *hex="0123456789ABCDEF"; \
1.9 paf 31: char chunk[3]={prefix}; \
1.13 paf 32: chunk[1]=hex[((unsigned char)*src)/0x10]; \
33: chunk[2]=hex[((unsigned char)*src)%0x10]; \
1.60 parser 34: memcpy(dest, chunk, 3); dest+=3; \
1.5 paf 35: } else \
1.13 paf 36: *dest++=*src; \
1.5 paf 37: break
1.18 paf 38: #define to_char(c) *dest++=c
39: #define to_string(b, bsize) \
1.60 parser 40: memcpy(dest, b, bsize); \
1.18 paf 41: dest+=bsize; \
1.4 paf 42:
1.9 paf 43: inline bool need_file_encode(unsigned char c){
1.108 paf 44: // russian letters and space ENABLED
45: // encoding only these...
46: return strchr(
47: "*?'\"<>|"
48: #ifndef WIN32
49: ":\\~"
1.31 paf 50: #endif
1.108 paf 51: , c)!=0;
1.9 paf 52: }
1.5 paf 53: inline bool need_uri_encode(unsigned char c){
1.13 paf 54: if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z'))
1.4 paf 55: return false;
56:
1.5 paf 57: return !strchr("_-./", c);
58: }
1.36 paf 59: inline bool need_http_header_encode(unsigned char c){
1.18 paf 60: if(strchr(" , :", c))
1.5 paf 61: return false;
62:
63: return need_uri_encode(c);
1.4 paf 64: }
1.1 paf 65:
1.56 parser 66: //
67:
68: static const char * String_Untaint_lang_name[]={
69: "U", ///< zero value handy for hash lookup @see untaint_lang_name2enum
70: "C", ///< clean
71: "T", ///< tainted, untaint language as assigned later
72: // untaint languages. assigned by ^untaint[lang]{...}
73: "P",
74: /**<
75: leave language built into string being appended.
76: just a flag, that value not stored
77: */
78: "A", ///< leave all characters intact
1.68 parser 79: "F", ///< file specification
80: "H", ///< ext in HTTP response header
1.56 parser 81: "M", ///< text in mail header
82: "URI", ///< text in uri
83: "T", ///< ^table:set body
84: "SQL", ///< ^table:sql body
85: "JS", ///< JavaScript code
1.68 parser 86: "XML", ///< ^dom:set xml
1.82 paf 87: "HTML" ///< HTML code (for editing)
1.56 parser 88: };
89:
90:
1.1 paf 91: // String
92:
1.41 paf 93: /*
94:
95: HTTP-header = field-name ":" [ field-value ] CRLF
96:
97: field-name = token
98: field-value = *( field-content | LWS )
99:
100: field-content = <the OCTETs making up the field-value
101: and consisting of either *TEXT or combinations
102: of token, tspecials, and quoted-string>
103:
104:
105:
106: word = token | quoted-string
107:
108: token = 1*<any CHAR except CTLs or tspecials>
109:
110:
111:
112: tspecials = "(" | ")" | "<" | ">" | "@"
113: | "," | ";" | ":" | "\" | <">
114: | "/" | "[" | "]" | "?" | "="
115: | "{" | "}" | SP | HT
116:
117: SP = <US-ASCII SP, space (32)>
118: HT = <US-ASCII HT, horizontal-tab (9)>
119:
120: LWS = [CRLF] 1*( SP | HT )
121: TEXT = <any OCTET except CTLs,
122: but including LWS>
123:
124: quoted-pair = "\" CHAR
125:
126: if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr))
127: */
128: inline bool need_quote_http_header(const char *ptr, size_t size) {
129: for(; size--; ptr++)
1.42 paf 130: if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr))
1.41 paf 131: return true;
132: return false;
133: }
134:
1.91 paf 135: //#include "pa_sapi.h"
136: /**
1.115.2.1 paf 137: appends to other String,
1.91 paf 138: marking all tainted pieces of it with @a lang.
1.92 paf 139: or marking ALL pieces of it with a @a lang when @a forced to,
140: and propagating OPTIMIZE language bit.
1.91 paf 141: */
1.115.2.1 paf 142: String& String::append_to(String& dest, uchar lang, bool forced) const {
143: if(is_empty())
144: return dest;
145:
146: // without language-chage, small[fitting dest tail] string?
147: if(lang==UL_PASS_APPENDED && fused<=(dest.fallocated-dest.fused)) {
148: // felements[fused...]=src.felements[0..fused], fused+=src.fused
149: memcpy(&dest.felements[dest.fused], felements, sizeof(felements[0])*fused);
150: dest.fused+=fused;
151: return dest;
1.91 paf 152: }
153:
1.77 paf 154: // manually unrolled code to avoid do{if(const)} constructs
155: if(forced)
1.115.2.1 paf 156: STRING_FOREACH_FRAGMENT(
157: dest.APPEND(fragment->ptr, fragment->size,
1.77 paf 158: lang, //forcing passed lang
1.115.2.1 paf 159: fragment->origin.file, fragment->origin.line);
1.77 paf 160: )
161: else if(lang==UL_PASS_APPENDED)
1.115.2.1 paf 162: STRING_FOREACH_FRAGMENT(
163: dest.APPEND(fragment->ptr, fragment->size,
164: fragment->lang, // passing item's lang
165: fragment->origin.file, fragment->origin.line);
1.77 paf 166: )
167: else if(lang&UL_OPTIMIZE_BIT) // main idea here
168: // tainted piece would get OPTIMIZED bit from 'lang'
169: // clean piece would be marked OPTIMIZED manually
170: // pieces with determined languages [not tainted|clean] would retain theirs langs
1.115.2.1 paf 171: STRING_FOREACH_FRAGMENT(
172: dest.APPEND(fragment->ptr, fragment->size,
173: fragment->lang==UL_TAINTED?lang:(
174: fragment->lang==UL_CLEAN?UL_CLEAN|UL_OPTIMIZE_BIT: // ORing with OPTIMIZED flag
175: fragment->lang
1.77 paf 176: ),
1.115.2.1 paf 177: fragment->origin.file, fragment->origin.line);
1.77 paf 178: )
179: else
1.115.2.1 paf 180: STRING_FOREACH_FRAGMENT(
181: dest.APPEND(fragment->ptr, fragment->size,
182: fragment->lang==UL_TAINTED?lang:fragment->lang,
183: fragment->origin.file, fragment->origin.line);
1.77 paf 184: );
1.115.2.1 paf 185:
186: return dest;
1.77 paf 187: }
188:
1.75 paf 189: size_t String::cstr_bufsize(Untaint_lang lang,
190: SQL_Connection *connection,
1.115.2.3! paf 191: const Request_charsets *charsets) const {
1.77 paf 192: size_t dest=1; // for terminating 0
1.115.2.1 paf 193: STRING_FOREACH_FRAGMENT(
194: uchar to_lang=lang==UL_UNSPECIFIED?fragment->lang:lang;
1.77 paf 195:
196: switch(to_lang & ~UL_OPTIMIZE_BIT) {
197: case UL_CLEAN:
198: case UL_TAINTED:
199: case UL_AS_IS:
200: // clean piece
201:
202: // tainted piece, but undefined untaint language
203: // for VString.as_double of tainted values
204: // for ^process{body} evaluation
205:
206: // tainted, untaint language: as-is
1.115.2.1 paf 207: dest+=fragment->size;
1.77 paf 208: break;
209: case UL_FILE_SPEC:
210: // tainted, untaint language: file [name]
1.115.2.1 paf 211: dest+=fragment->size*3/* worst: Z->%XX */;
1.77 paf 212: break;
213: case UL_URI:
214: // tainted, untaint language: uri
1.115.2.1 paf 215: dest+=fragment->size*6*3/* worst utf8 x worst Z->%XX */;
1.77 paf 216: break;
217: case UL_HTTP_HEADER:
218: // tainted, untaint language: http-field-content-text
1.115.2.1 paf 219: dest+=fragment->size*3/* worst: Z->%XX */;
1.77 paf 220: break;
221: case UL_MAIL_HEADER:
222: // tainted, untaint language: mail-header
1.115.2.2 paf 223: if(charsets && charsets->mail) {
1.111 paf 224: int parts_count=1;
1.115.2.1 paf 225: const char *prev=fragment->ptr;
226: size_t size=fragment->size;
1.111 paf 227: while(const char *comma_at=(const char*)memchr(prev, ',', size)) {
228: parts_count++;
229: size-=comma_at-prev;
230: prev=comma_at+1;
231: }
1.77 paf 232: // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?=
1.87 paf 233: dest+=
1.115.2.1 paf 234: fragment->size*3+
1.115.2.2 paf 235: parts_count*(charsets->mail->name()->size()+MAX_STRING/* worst: =?charset?Q?=%XX?= */);
1.87 paf 236: } else
1.115.2.1 paf 237: dest+=fragment->size;
1.77 paf 238: break;
239: case UL_TABLE:
240: // tainted, untaint language: table
1.115.2.1 paf 241: dest+=fragment->size;
1.77 paf 242: break;
243: case UL_SQL:
244: // tainted, untaint language: sql
245: if(connection)
1.115.2.1 paf 246: dest+=connection->quote(0, fragment->ptr, fragment->size);
1.77 paf 247: break;
248: case UL_JS:
249: escape(switch(*src) {
250: case '"': case '\'': case '\n': case '\\': case '\xFF':
251: dest+=2; break;
252: default:
253: dest++; break;
254: });
255: break;
256: case UL_XML:
257: escape(switch(*src) {
258: case '&': case '>': case '<': case '"': case '\'':
259: dest+= 6; break;
260: default:
261: dest++; break;
262: });
263: break;
264: case UL_HTML:
265: escape(switch(*src) {
266: case '&':
267: case '>':
268: case '<':
269: case '"':
270: dest+=6; break;
271: default:
272: dest++; break;
273: });
274: break;
1.75 paf 275: }
1.77 paf 276: );
1.75 paf 277: return dest;
1.51 parser 278: }
279:
1.109 paf 280: /** http://www.ietf.org/rfc/rfc2047.txt
281: RFC
282: (3) As a replacement for a 'word' entity within a 'phrase', for example,
283: one that precedes an address in a From, To, or Cc header. The ABNF
284: definition for 'phrase' from RFC 822 thus becomes:
285:
286: phrase = 1*( encoded-word / word )
287:
288: In this case the set of characters that may be used in a "Q"-encoded
289: 'encoded-word' is restricted to: <upper and lower case ASCII
290: letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_"
291: (underscore, ASCII 95.)>. An 'encoded-word' that appears within a
292: 'phrase' MUST be separated from any adjacent 'word', 'text' or
293: 'special' by 'linear-white-space'.
294: ...
295: (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be
296: represented as "_" (underscore, ASCII 95.). (This character may
297: not pass through some internetwork mail gateways, but its use
298: will greatly enhance readability of "Q" encoded data with mail
299: readers that do not support this encoding.) Note that the "_"
300: always represents hexadecimal 20, even if the SPACE character
301: occupies a different code position in the character set in use.
302:
303: paf: obviously,
304: without "=", or one could not differ "=E0" and "russian letter a"
305: and without "_", or in would mean 0x20
306: */
307: static bool mail_header_char_valid_within_Qencoded(char c) {
308: return c>='A' && c<='Z'
309: || c>='a' && c<='Z'
310: || c>='0' && c<='9'
311: || strchr("!*+-/", c);
312: }
1.43 paf 313: char *String::store_to(char *dest, Untaint_lang lang,
314: SQL_Connection *connection,
1.115.2.3! paf 315: const Request_charsets *charsets) const {
1.75 paf 316: // WARNING:
317: // before any changes check cstr_bufsize first!!!
1.44 paf 318: bool whitespace=true;
1.115.2.1 paf 319: // STRING_FOREACH_FRAGMENT(
320: element_type *last = felements+fused; element_type *fragment = felements; for(; fragment<last; fragment++) {
1.111 paf 321:
1.115.2.1 paf 322: uchar to_lang=lang==UL_UNSPECIFIED?fragment->lang:lang;
1.77 paf 323:
324: char *start=dest;
325:
326: switch(to_lang & ~UL_OPTIMIZE_BIT) {
327: case UL_CLEAN:
328: case UL_TAINTED:
329: case UL_AS_IS:
330: // clean piece
331:
332: // tainted piece, but undefined untaint language
333: // for VString.as_double of tainted values
334: // for ^process{body} evaluation
335:
336: // tainted, untaint language: as-is
1.115.2.1 paf 337: memcpy(dest, fragment->ptr, fragment->size);
338: dest+=fragment->size;
1.77 paf 339: break;
340: case UL_FILE_SPEC:
341: // tainted, untaint language: file [name]
1.83 paf 342: escape(
1.113 paf 343: // Macintosh has problems with small Russian letter 'r'
1.115.2.2 paf 344: if( *src=='\xF0' && charsets && *charsets->source->name()=="windows-1251" ) {
1.113 paf 345: // fixing that letter for most common charset
1.115.2.2 paf 346: to_char('p');
1.114 paf 347: } else // fallback to default
348: encode(need_file_encode, '_');
1.83 paf 349: );
1.77 paf 350: break;
351: case UL_URI:
352: // tainted, untaint language: uri
1.85 paf 353: const void *client_ptr;
354: size_t client_size;
1.115.2.2 paf 355: if(charsets)
356: Charset::transcode(*charsets->pool,
357: *charsets->source, fragment->ptr, fragment->size,
358: *charsets->client, client_ptr, client_size);
359: else {
360: client_ptr=fragment->ptr;
361: client_size=fragment->size;
362: }
363:
1.85 paf 364: {
365: const char *src=(const char *)client_ptr;
366: for(int size=client_size; size--; src++)
1.108 paf 367: encode(need_uri_encode, '%');
1.85 paf 368: }
1.77 paf 369: break;
370: case UL_HTTP_HEADER:
371: // tainted, untaint language: http-field-content-text
1.108 paf 372: escape(
373: encode(need_uri_encode, '%');
374: );
1.77 paf 375: break;
376: case UL_MAIL_HEADER:
377: // tainted, untaint language: mail-header
1.105 paf 378: // http://www.ietf.org/rfc/rfc2047.txt
1.115.2.2 paf 379: if(charsets && charsets->mail) {
1.87 paf 380: const void *mail_ptr;
381: size_t mail_size;
1.115.2.2 paf 382: Charset::transcode(*charsets->pool,
383: *charsets->source, fragment->ptr, fragment->size,
384: *charsets->mail, mail_ptr, mail_size);
1.87 paf 385:
1.77 paf 386: // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?=
1.87 paf 387: const char *src=(const char *)mail_ptr;
1.77 paf 388: bool to_quoted_printable=false;
1.105 paf 389:
1.111 paf 390: bool email=false;
391: for(const char *end=src+mail_size; src<end; src++) {
392: //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'.
393: if(to_quoted_printable && (*src==',' || *src=='<')) {
394: email=*src=='<';
1.105 paf 395: dest+=sprintf(dest, "?=");
1.107 paf 396: to_quoted_printable=false;
1.105 paf 397: }
1.111 paf 398: if(!email && (
1.109 paf 399: !to_quoted_printable && (*src & 0x80) // starting quote-printable-encoding on first 8bit char
400: || to_quoted_printable && !mail_header_char_valid_within_Qencoded(*src)
1.105 paf 401: )) {
1.77 paf 402: if(!to_quoted_printable) {
1.115.2.1 paf 403: dest+=sprintf(dest, "=?%s?Q?", charset_name);
1.77 paf 404: to_quoted_printable=true;
405: }
1.105 paf 406: //RFC Upper case should be used for hexadecimal digits "A" through "F"
1.109 paf 407: if(*src == 0x20) // RFC The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE)
408: *dest++='_'; // RFC may be represented as "_"
409: else
410: dest+=sprintf(dest, "=%02X", *src & 0xFF);
1.105 paf 411: } else
1.109 paf 412: *dest++=*src;
1.111 paf 413: if(*src=='>')
414: email=false;
1.44 paf 415: }
1.112 paf 416: if(to_quoted_printable) // close
1.77 paf 417: dest+=sprintf(dest, "?=");
1.87 paf 418:
1.77 paf 419: } else {
1.115.2.1 paf 420: memcpy(dest, fragment->ptr, fragment->size);
421: dest+=fragment->size;
1.1 paf 422: }
1.77 paf 423: break;
424: case UL_TABLE:
425: // tainted, untaint language: table
426: escape(switch(*src) {
427: case '\t': to_char(' '); break;
428: case '\n': to_char(' '); break;
429: _default;
430: });
431: break;
432: case UL_SQL:
433: // tainted, untaint language: sql
434: if(connection)
1.115.2.1 paf 435: dest+=connection->quote(dest, fragment->ptr, fragment->size);
1.77 paf 436: else
1.99 paf 437: throw Exception(0,
1.115.2.2 paf 438: ConstStringPtr(this),
1.77 paf 439: "untaint in SQL language failed - no connection specified");
440: break;
441: case UL_JS:
442: escape(switch(*src) {
443: case '"': to_string("\\\"", 2); break;
444: case '\'': to_string("\\'", 2); break;
445: case '\n': to_string("\\n", 2); break;
446: case '\\': to_string("\\\\", 2); break;
447: case '\xFF': to_string("\\\xFF", 2); break;
448: _default;
449: });
450: break;
451: case UL_XML:
452: escape(switch(*src) {
453: case '&': to_string("&", 5); break;
454: case '>': to_string(">", 4); break;
455: case '<': to_string("<", 4); break;
456: case '"': to_string(""", 6); break;
457: case '\'': to_string("'", 6); break;
458: _default;
459: });
460: break;
461: case UL_HTML:
462: escape(switch(*src) {
463: case '&': to_string("&", 5); break;
464: case '>': to_string(">", 4); break;
465: case '<': to_string("<", 4); break;
466: case '"': to_string(""", 6); break;
467: _default;
468: });
469: break;
470: default:
1.99 paf 471: throw Exception(0,
1.115.2.2 paf 472: ConstStringPtr(this),
1.81 paf 473: "unknown untaint language #%d",
1.110 paf 474: static_cast<int>(to_lang)); // should never
1.77 paf 475: break; // never
1.76 paf 476: }
1.55 parser 477:
1.77 paf 478: if(to_lang & UL_OPTIMIZE_BIT) {
479: // optimizing whitespace
480: char *stop=dest; dest=start;
481: for(char *src=start; src<stop; src++)
482: switch(*src) {
483: // of all consequent white space chars leaving only first one
1.80 paf 484: case ' ': case '\r': case '\n': case '\t':
1.77 paf 485: if(!whitespace) {
486: *dest++=*src;
487: whitespace=true;
488: }
489: break;
490: default:
491: whitespace=false;
492: *dest++=*src;
493: break;
494: };
495: } else // piece without optimization
496: whitespace=false;
1.115.2.1 paf 497: // );
498: }
499:
1.76 paf 500: return dest;
501: }
502:
1.115.2.2 paf 503: char *String::cstr_debug_origins(Pool& pool) const {
1.81 paf 504: //_asm int 3;
1.115.2.2 paf 505: char *result=new(pool) char[size()+fused*MAX_STRING*2];
1.76 paf 506: char *dest=result;
507:
1.115.2.1 paf 508: STRING_FOREACH_FRAGMENT(
1.96 paf 509: IFNDEF_NO_STRING_ORIGIN(
1.115.2.1 paf 510: if(fragment->origin.file)
1.96 paf 511: dest+=sprintf(dest, ORIGIN_FILE_LINE_FORMAT,
1.115.2.1 paf 512: fragment->origin.file,
513: 1+fragment->origin.line);
1.96 paf 514: else
515: dest+=sprintf(dest, "<unknown>");
516: );
1.115.2.1 paf 517: uchar show_lang=fragment->lang & ~UL_OPTIMIZE_BIT;
1.96 paf 518: if(show_lang>=sizeof(String_Untaint_lang_name)/sizeof(String_Untaint_lang_name[0]))
1.99 paf 519: throw Exception(0,
1.115.2.2 paf 520: ConstStringPtr(this),
1.96 paf 521: "unknown untaint language #%d",
522: static_cast<int>(show_lang)); // sould never
523:
524: dest+=sprintf(dest, "#%s%s: ",
525: String_Untaint_lang_name[show_lang],
1.115.2.1 paf 526: fragment->lang & UL_OPTIMIZE_BIT?".O":"");
1.96 paf 527: char *dest_after_origins=dest;
1.76 paf 528:
1.115.2.1 paf 529: memcpy(dest, fragment->ptr, fragment->size);
530: dest+=fragment->size;
1.76 paf 531:
1.96 paf 532: remove_crlf(dest_after_origins, dest);
533: to_char('\n');
534: );
1.64 parser 535:
1.76 paf 536: *dest=0;
537: return result;
1.1 paf 538: }