Klaus Demo nginx / d4ff561
escape " ", "%", and %00-%1F in login and password Igor Sysoev 13 years ago
4 changed file(s) with 20 addition(s) and 38 deletion(s). Raw diff Collapse all Expand all
+9
-6
src/core/ngx_string.c less more
10181018 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
10191019 };
10201020
1021 /* " ", """, "%", "'", %00-%1F, %7F-%FF */
1021 /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */
10221022
10231023 static uint32_t html[] = {
10241024 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
10381038 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
10391039 };
10401040
1041 /* " ", """, "'", %00-%1F, %7F-%FF */
1041 /* " ", """, "%", "'", %00-%1F, %7F-%FF */
10421042
10431043 static uint32_t refresh[] = {
10441044 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
10451045
10461046 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
1047 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */
1047 0x000000a5, /* 0000 0000 0000 0000 0000 0000 1010 0101 */
10481048
10491049 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
10501050 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
10581058 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
10591059 };
10601060
1061 /* " ", %00-%1F */
1061 /* " ", "%", %00-%1F */
10621062
10631063 static uint32_t memcached[] = {
10641064 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
10651065
10661066 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
1067 0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */
1067 0x00000021, /* 0000 0000 0000 0000 0000 0000 0010 0001 */
10681068
10691069 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
10701070 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
10781078 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
10791079 };
10801080
1081 static uint32_t *map[] = { uri, args, html, refresh, memcached };
1081 /* mail_auth is the same as memcached */
1082
1083 static uint32_t *map[] =
1084 { uri, args, html, refresh, memcached, memcached };
10821085
10831086
10841087 escape = map[type];
+1
-0
src/core/ngx_string.h less more
154154 #define NGX_ESCAPE_HTML 2
155155 #define NGX_ESCAPE_REFRESH 3
156156 #define NGX_ESCAPE_MEMCACHED 4
157 #define NGX_ESCAPE_MAIL_AUTH 5
157158
158159 #define NGX_UNESCAPE_URI 1
159160
+6
-32
src/mail/ngx_mail_auth_http_module.c less more
12501250 static ngx_int_t
12511251 ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
12521252 {
1253 u_char ch, *p;
1254 ngx_uint_t i, n;
1255
1256 n = 0;
1257
1258 for (i = 0; i < text->len; i++) {
1259 ch = text->data[i];
1260
1261 if (ch == CR || ch == LF) {
1262 n++;
1263 }
1264 }
1253 u_char *p;
1254 uintptr_t n;
1255
1256 n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
12651257
12661258 if (n == 0) {
12671259 *escaped = *text;
12751267 return NGX_ERROR;
12761268 }
12771269
1270 (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
1271
12781272 escaped->data = p;
1279
1280 for (i = 0; i < text->len; i++) {
1281 ch = text->data[i];
1282
1283 if (ch == CR) {
1284 *p++ = '%';
1285 *p++ = '0';
1286 *p++ = 'D';
1287 continue;
1288 }
1289
1290 if (ch == LF) {
1291 *p++ = '%';
1292 *p++ = '0';
1293 *p++ = 'A';
1294 continue;
1295 }
1296
1297 *p++ = ch;
1298 }
12991273
13001274 return NGX_OK;
13011275 }
+4
-0
src/mail/ngx_mail_parse.c less more
433433 break;
434434
435435 case sw_argument:
436 if (ch == ' ' && s->quoted) {
437 break;
438 }
439
436440 switch (ch) {
437441 case '"':
438442 if (!s->quoted) {