|
|
| version 1.15, 2001/03/25 08:52:37 | version 1.154, 2009/09/10 12:31:43 |
|---|---|
| Line 1 | Line 1 |
| /** @file | /** @file |
| Parser: String class part: untaint mechanizm. | Parser: String class part: untaint mechanizm. |
| Copyright(c) 2001 ArtLebedev Group(http://www.artlebedev.com) | Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) |
| Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru) | |
| Author: Alexander Petrosyan <paf@design.ru>(http://design.ru/paf) | |
| $Id$ | |
| */ | */ |
| #include "pa_config_includes.h" | static const char * const IDENT_UNTAINT_C="$Date$"; |
| #include "pa_pool.h" | |
| #include "pa_string.h" | #include "pa_string.h" |
| #include "pa_hash.h" | #include "pa_hash.h" |
| #include "pa_exception.h" | #include "pa_exception.h" |
| #include "pa_table.h" | #include "pa_table.h" |
| #include "pa_globals.h" | |
| #include "pa_dictionary.h" | |
| #include "pa_common.h" | |
| #include "pa_charset.h" | |
| #include "pa_request_charsets.h" | |
| #include "pa_sapi.h" | |
| #define escape(cases) \ | extern "C" { // author forgot to do that |
| { \ | #include "ec.h" |
| const char *src=row->item.ptr; \ | } |
| for(int size=row->item.size; size--; src++) \ | |
| switch(*src) { \ | |
| cases \ | |
| } \ | |
| } | |
| #define to_char(a, c) case a: *dest++=c; break | |
| #define _default default: *dest++=*src; break | |
| #define to_string(a, b, bsize) \ | |
| case a: \ | |
| strncpy(dest, b, bsize); \ | |
| dest+=bsize; \ | |
| break | |
| #define encode(need_encode_func, prefix) \ | |
| default: \ | |
| if(need_encode_func(*src)) { \ | |
| static const char *hex="0123456789ABCDEF"; \ | |
| char chunk[3]={prefix}; \ | |
| chunk[1]=hex[((unsigned char)*src)/0x10]; \ | |
| chunk[2]=hex[((unsigned char)*src)%0x10]; \ | |
| strncpy(dest, chunk, 3); dest+=3; \ | |
| } else \ | |
| *dest++=*src; \ | |
| break | |
| inline bool need_file_encode(unsigned char c){ | #include "pa_sql_connection.h" |
| if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) | |
| return false; | |
| return !strchr("./", c); | // defines |
| #undef CORD_ec_append | |
| // redefining to intercept flushes and implement whitespace optimization | |
| // of all consequent white space chars leaving only first one | |
| #define CORD_ec_append(x, c) \ | |
| { \ | |
| bool skip=false; \ | |
| if(optimize) switch(c) { \ | |
| case ' ': case '\n': case '\t': \ | |
| if(whitespace) \ | |
| skip=true; /*skipping subsequent*/ \ | |
| else \ | |
| whitespace=true; \ | |
| break; \ | |
| default: \ | |
| whitespace=false; \ | |
| break; \ | |
| } \ | |
| if(!skip) { \ | |
| if ((x)[0].ec_bufptr == (x)[0].ec_buf + CORD_BUFSZ) { \ | |
| CORD_ec_flush_buf(x); \ | |
| } \ | |
| *((x)[0].ec_bufptr)++ = (c); \ | |
| } \ | |
| } | |
| #define escape_fragment(action) \ | |
| for(; fragment_length--; CORD_next(info->pos)) { \ | |
| char c=CORD_pos_fetch(info->pos); \ | |
| action \ | |
| } | |
| #define _default CORD_ec_append(info->result, c) | |
| #define encode(need_encode_func, prefix, otherwise) \ | |
| if(need_encode_func(c)) { \ | |
| static const char* hex="0123456789ABCDEF"; \ | |
| CORD_ec_append(info->result, prefix); \ | |
| CORD_ec_append(info->result, hex[((unsigned char)c)/0x10]); \ | |
| CORD_ec_append(info->result, hex[((unsigned char)c)%0x10]); \ | |
| } else \ | |
| CORD_ec_append(info->result, otherwise); | |
| #define to_char(c) { CORD_ec_append(info->result, c); whitespace=false; } | |
| #define to_string(s) { CORD_ec_append_cord(info->result, s); whitespace=false; } | |
| inline bool need_file_encode(unsigned char c){ | |
| // russian letters and space ENABLED | |
| // encoding only these... | |
| return strchr( | |
| "*?'\"<>|" | |
| #ifndef WIN32 | |
| ":\\" | |
| #endif | |
| , c)!=0; | |
| } | } |
| inline bool need_uri_encode(unsigned char c){ | inline bool need_uri_encode(unsigned char c){ |
| if((c>='0') &&(c<='9') ||(c>='A') &&(c<='Z') ||(c>='a') &&(c<='z')) | if((c>='0') && (c<='9') || (c>='A') && (c<='Z') || (c>='a') && (c<='z')) |
| return false; | return false; |
| return !strchr("_-./", c); | return !strchr("_-./", c); |
| } | } |
| inline bool need_header_encode(unsigned char c){ | |
| if(strchr(" ,:", c)) | inline bool need_http_header_encode(unsigned char c){ |
| if(strchr(" , :", c)) | |
| return false; | return false; |
| return need_uri_encode(c); | return need_uri_encode(c); |
| } | } |
| inline bool need_regex_escape(unsigned char c){ | |
| return strchr("\\^$.[]|()?*+{}-", c)!=0; | |
| } | |
| inline bool need_parser_code_escape(unsigned char c){ | |
| return strchr("^$;@()[]{}:#\"", c)!=0; | |
| } | |
| // String | // String |
| static bool typo_present(Array::Item *value, const void *info) { | /* |
| Array *row=static_cast<Array *>(value); | HTTP-header = field-name ":" [ field-value ] CRLF |
| const char *src=static_cast<const char *>(info); | |
| field-name = token | |
| int partial; | field-value = *( field-content | LWS ) |
| row->get_string(0)->cmp(src, partial); | |
| return | field-content = <the OCTETs making up the field-value |
| partial==0 || // full match | and consisting of either *TEXT or combinations |
| partial==1; // typo left column starts 'src' | of token, tspecials, and quoted-string> |
| } | |
| /// @todo optimize whitespaces for all but 'html' | token = 1*<any CHAR except CTLs or tspecials> |
| char *String::store_to(char *dest) const { | word = token | quoted-string |
| // $MAIN:html-typo table | quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) |
| Table *typo_table=static_cast<Table *>(pool().tag()); | qdtext = <any TEXT except <">> |
| quoted-pair = "\" CHAR | |
| const Chunk *chunk=&head; | |
| do { | OCTET = <any 8-bit sequence of data> |
| const Chunk::Row *row=chunk->rows; | CHAR = <any US-ASCII character (octets 0 - 127)> |
| for(int i=0; i<chunk->count; i++) { | |
| if(row==append_here) | tspecials = "(" | ")" | "<" | ">" | "@" |
| goto break2; | | "," | ";" | ":" | "\" | <"> |
| | "/" | "[" | "]" | "?" | "=" | |
| // WARNING: | | "{" | "}" | SP | HT |
| // string can grow only UNTAINT_TIMES_BIGGER | |
| switch(row->item.lang) { | SP = <US-ASCII SP, space (32)> |
| case UL_NO: | HT = <US-ASCII HT, horizontal-tab (9)> |
| // clean piece | |
| case UL_YES: | LWS = [CRLF] 1*( SP | HT ) |
| // tainted piece, but undefined untaint language | TEXT = <any OCTET except CTLs, but including LWS> |
| // for VString.get_double of tainted values | CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)> |
| // for ^process{body} evaluation | |
| case UL_AS_IS: | |
| // tainted, untaint language: as-is | if(strchr("()<>@,;:\\\"/[]?={} \t", *ptr)) |
| memcpy(dest, row->item.ptr, row->item.size); | */ |
| dest+=row->item.size; | inline bool need_quote_http_header(const char* ptr, size_t size) { |
| break; | for(; size--; ptr++) |
| case UL_FILE_NAME: | if(strchr(";\\\"= \t" /* excluded ()<>@, :/ ? []{} */, *ptr)) |
| // tainted, untaint language: file [name] | return true; |
| escape( | return false; |
| to_char(' ', '_'); | } |
| encode(need_file_encode, '-'); | |
| ); | #ifndef DOXYGEN |
| break; | struct Append_fragment_info { |
| case UL_URI: | String::Language lang; |
| // tainted, untaint language: uri | String::Languages* dest_languages; |
| escape( | size_t dest_body_plan_length; |
| to_char(' ', '+'); | }; |
| encode(need_uri_encode, '%'); | #endif |
| ); | int append_fragment_optimizing(char alang, size_t asize, Append_fragment_info* info) { |
| break; | const String::Language lang=(String::Language)(unsigned char)alang; |
| case UL_HEADER: | // main idea here: |
| // tainted, untaint language: header | // tainted piece would get OPTIMIZED bit from 'lang' |
| escape( | // clean piece would be marked OPTIMIZED manually |
| encode(need_header_encode, '%'); | // pieces with determined languages [not tainted|clean] would retain theirs langs |
| ); | info->dest_languages->append(info->dest_body_plan_length, |
| break; | lang==String::L_TAINTED? |
| case UL_TABLE: | info->lang |
| // tainted, untaint language: table | :lang==String::L_CLEAN? |
| escape( | (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) // ORing with OPTIMIZED flag |
| to_char('\t', ' '); | :lang, |
| to_char('\n', ' '); | asize); |
| _default; | info->dest_body_plan_length+=asize; |
| ); | |
| break; | return 0; // 0=continue |
| case UL_SQL: | } |
| // tainted, untaint language: sql | int append_fragment_nonoptimizing(char alang, size_t asize, Append_fragment_info* info) { |
| // TODO: зависимость от sql сервера | const String::Language lang=(String::Language)(unsigned char)alang; |
| memset(dest, '?', row->item.size); | // The core idea: tainted pieces got marked with context's lang |
| dest+=row->item.size; | info->dest_languages->append(info->dest_body_plan_length, |
| break; | lang==String::L_TAINTED? |
| case UL_JS: | info->lang |
| escape( | :lang, |
| to_string('"', "\\\"", 2); | asize); |
| to_string('\'', "\\'", 2); | info->dest_body_plan_length+=asize; |
| to_string('\n', "\\n", 2); | |
| to_string('\\', "\\\\", 2); | return 0; // 0=continue |
| to_string('\xFF', "\\\xFF", 2); | } |
| _default; | |
| ); | /** |
| break; | appends to other String, |
| case UL_HTML: | marking all tainted pieces of it with @a lang. |
| escape( | or marking ALL pieces of it with a @a lang when @a forced to, |
| to_string('&', "&", 5); | and propagating OPTIMIZE language bit. |
| to_string('>', ">", 4); | */ |
| to_string('<', "<",4); | String& String::append_to(String& dest, Language ilang, bool forced) const { |
| to_string('"', """,6); | if(is_empty()) |
| to_char('\t', ' '); | return dest; |
| //TODO: XSLT to_string('\'', "'", 6) | |
| _default; | // first: fragment infos |
| ); | |
| if(ilang==L_PASS_APPENDED) // without language-change? | |
| dest.langs.appendHelper(dest.body, langs, body); | |
| else if(forced) //forcing passed lang? | |
| dest.langs.appendHelper(dest.body, ilang, body); | |
| else { | |
| if(langs.opt.is_not_just_lang){ | |
| Append_fragment_info info={ilang, &dest.langs, dest.body.length()}; | |
| langs.for_each(body, ilang&L_OPTIMIZE_BIT? | |
| append_fragment_optimizing | |
| :append_fragment_nonoptimizing, &info); | |
| } else { | |
| Language lang=langs.opt.lang; | |
| // see append_fragment_* for explanation | |
| if(ilang&L_OPTIMIZE_BIT){ | |
| dest.langs.appendHelper(dest.body, | |
| lang==String::L_TAINTED? | |
| ilang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| body); | |
| } else { | |
| dest.langs.appendHelper(dest.body, lang==String::L_TAINTED ? ilang:lang, body); | |
| } | |
| } | |
| } | |
| // next: letters | |
| dest.body<<body; | |
| ASSERT_STRING_INVARIANT(dest); | |
| return dest; | |
| } | |
| /** http://www.ietf.org/rfc/rfc2047.txt | |
| RFC | |
| (3) As a replacement for a 'word' entity within a 'phrase', for example, | |
| one that precedes an address in a From, To, or Cc header. The ABNF | |
| definition for 'phrase' from RFC 822 thus becomes: | |
| phrase = 1*( encoded-word / word ) | |
| In this case the set of characters that may be used in a "Q"-encoded | |
| 'encoded-word' is restricted to: <upper and lower case ASCII | |
| letters, decimal digits, "!", "*", "+", "-", "/", "=", and "_" | |
| (underscore, ASCII 95.)>. An 'encoded-word' that appears within a | |
| 'phrase' MUST be separated from any adjacent 'word', 'text' or | |
| 'special' by 'linear-white-space'. | |
| ... | |
| (2) The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) may be | |
| represented as "_" (underscore, ASCII 95.). (This character may | |
| not pass through some internetwork mail gateways, but its use | |
| will greatly enhance readability of "Q" encoded data with mail | |
| readers that do not support this encoding.) Note that the "_" | |
| always represents hexadecimal 20, even if the SPACE character | |
| occupies a different code position in the character set in use. | |
| paf: obviously, | |
| without "=", or one could not differ "=E0" and "russian letter a" | |
| and without "_", or in would mean 0x20 | |
| */ | |
| inline bool mail_header_char_valid_within_Qencoded(char c) { | |
| return c>='A' && c<='Z' | |
| || c>='a' && c<='Z' | |
| || c>='0' && c<='9' | |
| || strchr("!*+-/", c); | |
| } | |
| inline bool addr_spec_soon(const char *src) { | |
| for(char c; (c=*src); src++) | |
| if(c=='<') | |
| return true; | |
| else if(!(c==' ' || c=='\t')) | |
| return false; | |
| return false; | |
| } | |
| /** | |
| RFC | |
| Upper case should be used for hexadecimal digits "A" through "F" | |
| The 8-bit hexadecimal value 20 (e.g., ISO-8859-1 SPACE) | |
| may be represented as "_" | |
| */ | |
| inline bool mail_header_nonspace_char(char c) { | |
| return c != 0x20; | |
| } | |
| inline void ec_append(CORD_ec& result, bool& optimize, bool& whitespace, CORD_pos pos, size_t size) { | |
| while(size--) { | |
| CORD_ec_append(result, CORD_pos_fetch(pos)); | |
| CORD_next(pos); | |
| } | |
| } | |
| inline void pa_CORD_pos_advance(CORD_pos pos, size_t n) { | |
| while(true) { | |
| long avail=CORD_pos_chars_left(pos); | |
| if(avail<=0) { | |
| CORD_next(pos); | |
| if(!--n) | |
| break; | break; |
| case UL_HTML_TYPO: { | } else if((size_t)avail<n) { |
| // tainted, untaint language: html-typo | CORD_pos_advance(pos, avail); |
| char *html=(char *)malloc(size()*6/*""" the longest possible*/+1); | n-=avail; |
| size_t html_size; | } else { // avail>=n |
| { // local dest | CORD_pos_advance(pos, n); |
| char *dest=html; | break; |
| escape( | } |
| to_string('&', "&", 5); | } |
| to_string('>', ">", 4); | } |
| to_string('<', "<",4); | |
| to_string('"', """,6); | #ifndef DOXYGEN |
| to_char('\t', ' '); | struct Cstr_to_string_body_block_info { |
| to_string('\r', "", 0); // todo: check mac & linux browsers' textarea | // input |
| to_string('\n', "\\n", 2); // convinient name for typo match | String::Language lang; |
| //TODO: XSLT to_string('\'', "'", 6) | SQL_Connection* connection; |
| _default; | const Request_charsets* charsets; |
| ); | const String::Body* body; |
| *dest=0; | |
| html_size=dest-html; | // output |
| CORD_ec result; | |
| // private | |
| CORD_pos pos; | |
| size_t fragment_begin; | |
| bool whitespace; | |
| const char* exception; | |
| }; | |
| #endif | |
| // @todo: replace info->body->mid with something that uses info->pos | |
| int cstr_to_string_body_block(String::Language to_lang, size_t fragment_length, Cstr_to_string_body_block_info* info) { | |
| bool& whitespace=info->whitespace; | |
| size_t fragment_end=info->fragment_begin+fragment_length; | |
| //fprintf(stderr, "%d, %d =%s=\n", to_lang, fragment_length, info->body->cstr()); | |
| bool optimize=(to_lang & String::L_OPTIMIZE_BIT)!=0; | |
| if(!optimize) | |
| whitespace=false; | |
| switch(to_lang & ~String::L_OPTIMIZE_BIT) { | |
| case String::L_CLEAN: | |
| case String::L_TAINTED: | |
| case String::L_AS_IS: | |
| // clean piece | |
| // tainted piece, but undefined untaint language | |
| // for VString.as_double of tainted values | |
| // for ^process{body} evaluation | |
| // tainted, untaint language: as-is | |
| ec_append(info->result, optimize, whitespace, info->pos, fragment_length); | |
| break; | |
| case String::L_FILE_SPEC: | |
| // tainted, untaint language: file [name] | |
| { | |
| escape_fragment( | |
| encode(need_file_encode, '_', c); | |
| ); | |
| } | |
| break; | |
| case String::L_FILE_POST: | |
| { | |
| escape_fragment(switch(c) { | |
| case '\0': to_string("\\0"); break; | |
| case '\\': to_string("\\\\"); break; | |
| default: _default; break; | |
| }); | |
| } | |
| break; | |
| case String::L_URI: | |
| case String::L_HTTP_HEADER: | |
| // tainted, untaint language: http-field-content-text | |
| escape_fragment( | |
| encode(need_uri_encode, '%', c); | |
| ); | |
| break; | |
| case String::L_MAIL_HEADER: | |
| // tainted, untaint language: mail-header | |
| // http://www.ietf.org/rfc/rfc2047.txt | |
| if(info->charsets) { | |
| size_t mail_size; | |
| const char *mail_ptr= | |
| info->body->mid(info->fragment_begin, mail_size=fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, mail_size); | |
| const char* charset_name=info->charsets->mail().NAME().cstr(); | |
| // Subject: Re: parser3: =?koi8-r?Q?=D3=C5=CD=C9=CE=C1=D2?= | |
| bool to_quoted_printable=false; | |
| bool email=false; | |
| uchar c; | |
| for(const char* src=mail_ptr; (c=(uchar)*src++); ) { | |
| if(c=='\r' || c=='\n') | |
| c=' '; | |
| if(to_quoted_printable && (c==',' || c == '"' || addr_spec_soon(src-1/*position to 'c'*/))) { | |
| email=c=='<'; | |
| to_string("?="); | |
| to_quoted_printable=false; | |
| } | } |
| // typo table replacements | //RFC + An 'encoded-word' MUST NOT appear in any portion of an 'addr-spec'. |
| if(typo_table) { | if(!email && ( |
| const char *src=html; | !to_quoted_printable && (c & 0x80) // starting quote-printable-encoding on first 8bit char |
| do { | || to_quoted_printable && !mail_header_char_valid_within_Qencoded(c) |
| // there is a row where first column starts 'src' | )) { |
| if(Table::Item *item=typo_table->first_that(typo_present, src)) { | if(!to_quoted_printable) { |
| // get a=>b values | to_string("=?"); |
| const String& a=*static_cast<Array *>(item)->get_string(0); | to_string(charset_name); |
| const String& b=*static_cast<Array *>(item)->get_string(1); | to_string("?Q?"); |
| // empty 'a' check | to_quoted_printable=true; |
| if(a.size()==0) { | } |
| pool().set_tag(0); // avoid recursion | encode(mail_header_nonspace_char, '=', '_'); |
| THROW(0, 0, | } else |
| &a, | to_char(c); |
| "typo table first column elements must not be empty"); | if(c=='>') |
| } | email=false; |
| // overflow check: | } |
| // b allowed to be max UNTAINT_TIMES_BIGGER then a | if(to_quoted_printable) // close |
| if(b.size()>UNTAINT_TIMES_BIGGER*a.size()) { | to_string("?="); |
| pool().set_tag(0); // avoid recursion | |
| THROW(0, 0, | } else |
| &b, | ec_append(info->result, optimize, whitespace, info->pos, fragment_length); |
| "is %g times longer then '%s', " | break; |
| "while maximum, handled by Parser, is %d", | case String::L_SQL: |
| ((double)b.size())/a.size(), | // tainted, untaint language: sql |
| a.cstr(), | if(info->connection) { |
| UNTAINT_TIMES_BIGGER); | const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); |
| } | // skip source [we use recoded version] |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| // skip 'a' in 'src' | |
| src+=a.size(); | to_string(info->connection->quote(fragment_str, fragment_length)); |
| // write 'b' to 'dest' | } else { |
| b.store_to(dest); | info->exception="untaint in SQL language failed - no connection specified"; |
| dest+=b.size(); | info->fragment_begin=fragment_end; |
| } else | return 1; // stop processing. can't throw exception here |
| *dest++=*src++; | } |
| } while(*src); | break; |
| case String::L_JS: | |
| escape_fragment(switch(c) { | |
| case '\n': to_string("\\n"); break; | |
| case '"': to_string("\\\""); break; | |
| case '\'': to_string("\\'"); break; | |
| case '\\': to_string("\\\\"); break; | |
| case '\xFF': to_string("\\\xFF"); break; | |
| case '\r': to_string("\\r"); break; | |
| default: _default; break; | |
| }); | |
| break; | |
| case String::L_XML: | |
| // [2] Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF] | |
| escape_fragment(switch(c) { | |
| case '\x20': | |
| case '\x9': | |
| case '\xA': | |
| case '\xD': // this is usually removed on input | |
| _default; | |
| break; | |
| case '&': to_string("&"); break; | |
| case '>': to_string(">"); break; | |
| case '<': to_string("<"); break; | |
| case '"': to_string("""); break; | |
| case '\'': to_string("'"); break; | |
| default: | |
| if(((unsigned char)c)<0x20) { | |
| // fixing it, so that libxml would not result | |
| // in fatal error parsing text | |
| // though it really violates standard. | |
| // to indicate there were an error | |
| // replace bad char not to it's code, | |
| // which we can do, | |
| // but rather to '!' to show that input were actually | |
| // invalid. | |
| // life: shows that MSIE can somehow garble form values | |
| // so that they contain these chars. | |
| to_char('!'); | |
| } else { | } else { |
| memcpy(dest, html, html_size); | _default; |
| dest+=html_size; | |
| } | } |
| break; | break; |
| } | }); |
| default: | break; |
| THROW(0,0, | case String::L_HTML: |
| this, | escape_fragment(switch(c) { |
| "unknown untaint language #%d of %d piece", | case '&': to_string("&"); break; |
| static_cast<int>(row->item.lang), | case '>': to_string(">"); break; |
| i); | case '<': to_string("<"); break; |
| } | case '"': to_string("""); break; |
| row++; | default: _default; break; |
| }); | |
| break; | |
| case String::L_REGEX: | |
| // tainted, untaint language: regex | |
| escape_fragment( | |
| if(need_regex_escape(c)) | |
| to_char('\\') | |
| _default; | |
| ); | |
| break; | |
| case String::L_HTTP_COOKIE: | |
| // tainted, untaint language: cookie (3.3.0 and higher: %uXXXX in UTF-8) | |
| { | |
| const char *fragment_str=info->body->mid(info->fragment_begin, fragment_length).cstr(); | |
| // skip source [we use recoded version] | |
| pa_CORD_pos_advance(info->pos, fragment_length); | |
| String::C output(fragment_str, fragment_length); | |
| output=Charset::escape(output, info->charsets->client()); | |
| //throw Exception(0, 0, output); | |
| to_string(output); | |
| } | } |
| chunk=row->link; | break; |
| } while(chunk); | case String::L_PARSER_CODE: |
| break2: | // for auto-untaint in process |
| return dest; | escape_fragment( |
| if(need_parser_code_escape(c)) | |
| to_char('^'); | |
| _default; | |
| ); | |
| break; | |
| default: | |
| SAPI::abort("unknown untaint language #%d", | |
| static_cast<int>(to_lang)); // should never | |
| break; // never | |
| } | |
| info->fragment_begin=fragment_end; | |
| return 0; // 0=continue | |
| } | |
| String::Body String::cstr_to_string_body_taint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| cstr_to_string_body_block(lang, length(), &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| int cstr_to_string_body_block_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ | |
| const String::Language lang=(String::Language)(unsigned char)alang; | |
| // see append_fragment_* for explanation | |
| if(info->lang&String::L_OPTIMIZE_BIT) | |
| return cstr_to_string_body_block( | |
| lang==String::L_TAINTED? | |
| info->lang | |
| :lang==String::L_CLEAN? | |
| (String::Language)(String::L_CLEAN|String::L_OPTIMIZE_BIT) | |
| :lang, | |
| fragment_length, info); | |
| else | |
| return cstr_to_string_body_block(lang==String::L_TAINTED ? info->lang:lang, fragment_length, info); | |
| } | |
| String::Body String::cstr_to_string_body_untaint(Language lang, SQL_Connection* connection, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=connection; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| langs.for_each(body, cstr_to_string_body_block_untaint, &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | |
| const char* String::transcode_and_untaint_cstr(Language lang, const Request_charsets *charsets) const { | |
| if(charsets && &charsets->source() != &charsets->client()){ | |
| return cstr_to_string_body_transcode_and_untaint(lang, charsets).cstr(); | |
| } else { | |
| return cstr_to_string_body_untaint(lang, 0, charsets).cstr(); | |
| } | |
| } | |
| int cstr_to_string_body_block_transcode_and_untaint(char alang, size_t fragment_length, Cstr_to_string_body_block_info* info){ | |
| String::C output_c=Charset::transcode( | |
| String::C(info->body->mid(info->fragment_begin, fragment_length).cstr(), fragment_length), | |
| info->charsets->source(), | |
| info->charsets->client() | |
| ); | |
| String::Body output_body=String::Body(output_c); | |
| size_t fragment_end=info->fragment_begin+fragment_length; | |
| const String::Body* info_body=info->body; | |
| info->fragment_begin=0; | |
| info->body=&output_body; | |
| info->body->set_pos(info->pos, 0); | |
| int result=cstr_to_string_body_block_untaint(alang, output_c.length, info); | |
| info->fragment_begin=fragment_end; | |
| info->body=info_body; | |
| return result; | |
| } | |
| String::Body String::cstr_to_string_body_transcode_and_untaint(Language lang, const Request_charsets *charsets) const { | |
| if(is_empty()) | |
| return String::Body(); | |
| Cstr_to_string_body_block_info info; | |
| // input | |
| info.lang=lang; | |
| info.connection=0; | |
| info.charsets=charsets; | |
| info.body=&body; | |
| // output | |
| CORD_ec_init(info.result); | |
| // private | |
| body.set_pos(info.pos, 0); | |
| info.fragment_begin=0; | |
| info.exception=0; | |
| info.whitespace=true; | |
| langs.for_each(body, cstr_to_string_body_block_transcode_and_untaint, &info); | |
| if(info.exception) | |
| throw Exception(0, | |
| 0, | |
| info.exception); | |
| return String::Body(CORD_ec_to_cord(info.result)); | |
| } | } |