mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-12 21:52:41 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

escape " ", "%", and %00-%1F in login and password

Browse Source
This commit is contained in:
Igor Sysoev 2007-08-20 09:50:53 +00:00
parent 4edb1d61e9
commit d4ff561681
4 changed files with 19 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/core/ngx_string.c
View File

@ -1019,7 +1019,7 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
}; };
/* " ", """, "%", "'", %00-%1F, %7F-%FF */ /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */
static uint32_t html[] = { static uint32_t html[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
@ -1039,13 +1039,13 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
}; };
/* " ", """, "'", %00-%1F, %7F-%FF */ /* " ", """, "%", "'", %00-%1F, %7F-%FF */
static uint32_t refresh[] = { static uint32_t refresh[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */ 0x000000a5, /* 0000 0000 0000 0000 0000 0000 1010 0101 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
@ -1059,13 +1059,13 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
}; };
/* " ", %00-%1F */ /* " ", "%", %00-%1F */
static uint32_t memcached[] = { static uint32_t memcached[] = {
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */ 0x00000021, /* 0000 0000 0000 0000 0000 0000 0010 0001 */
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
@ -1079,7 +1079,10 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
}; };
static uint32_t *map[] = { uri, args, html, refresh, memcached }; /* mail_auth is the same as memcached */
static uint32_t *map[] =
{ uri, args, html, refresh, memcached, memcached };
escape = map[type]; escape = map[type];

1
src/core/ngx_string.h
View File

@ -155,6 +155,7 @@ u_char *ngx_utf_cpystrn(u_char *dst, u_char *src, size_t n);
#define NGX_ESCAPE_HTML 2 #define NGX_ESCAPE_HTML 2
#define NGX_ESCAPE_REFRESH 3 #define NGX_ESCAPE_REFRESH 3
#define NGX_ESCAPE_MEMCACHED 4 #define NGX_ESCAPE_MEMCACHED 4
#define NGX_ESCAPE_MAIL_AUTH 5
#define NGX_UNESCAPE_URI 1 #define NGX_UNESCAPE_URI 1

36
src/mail/ngx_mail_auth_http_module.c
View File

@ -1251,18 +1251,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
static ngx_int_t static ngx_int_t
ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
{ {
u_char ch, *p; u_char *p;
ngx_uint_t i, n; uintptr_t n;
n = 0; n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
for (i = 0; i < text->len; i++) {
ch = text->data[i];
if (ch == CR || ch == LF) {
n++;
}
}
if (n == 0) { if (n == 0) {
*escaped = *text; *escaped = *text;
@ -1276,28 +1268,10 @@ ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
return NGX_ERROR; return NGX_ERROR;
} }
(void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
escaped->data = p; escaped->data = p;
for (i = 0; i < text->len; i++) {
ch = text->data[i];
if (ch == CR) {
*p++ = '%';
*p++ = '0';
*p++ = 'D';
continue;
}
if (ch == LF) {
*p++ = '%';
*p++ = '0';
*p++ = 'A';
continue;
}
*p++ = ch;
}
return NGX_OK; return NGX_OK;
} }

4
src/mail/ngx_mail_parse.c
View File

@ -434,6 +434,10 @@ ngx_int_t ngx_imap_parse_command(ngx_mail_session_t *s)
break; break;
case sw_argument: case sw_argument:
if (ch == ' ' && s->quoted) {
break;
}
switch (ch) { switch (ch) {
case '"': case '"':
if (!s->quoted) { if (!s->quoted) {