Commit88ebf8a

committed
Merge pull requestmicrosoft#152 from client9/remotes/trunk
Merge pull request microsoft#152 from client9/remotes/trunk
Sync to libinjection v3.7.1
2 parentsb76e26d +fcb6dc1 commit88ebf8a

3 files changed

+53
-11
lines changed


‎apache2/libinjection/libinjection.h‎

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ extern "C" {
1919
* See python's normalized version
2020
* http://www.python.org/dev/peps/pep-0386/#normalizedversion
2121
*/
22-
#defineLIBINJECTION_VERSION "3.6.0"
22+
#defineLIBINJECTION_VERSION "3.7.1"
2323

2424
/**
2525
* Libinjection's sqli module makes a "normalized"

‎apache2/libinjection/libinjection_sqli.c‎

Lines changed: 42 additions & 8 deletions
@@ -120,6 +120,7 @@ memchr2(const char *haystack, size_t haystack_len, char c0, char c1)
120120
}
121121

122122
/**
123+
* memmem might not exist on some systems
123124
*/
124125
staticconstchar*
125126
my_memmem(constchar*haystack,size_thlen,constchar*needle,size_tnlen)
@@ -285,9 +286,11 @@ static void st_clear(stoken_t * st)
285286
staticvoidst_assign_char(stoken_t*st,constcharstype,size_tpos,size_tlen,
286287
constcharvalue)
287288
{
289+
/* done to elimiate unused warning */
290+
(void)len;
288291
st->type= (char)stype;
289292
st->pos=pos;
290-
st->len=len;
293+
st->len=1;
291294
st->val[0]=value;
292295
st->val[1]=CHAR_NULL;
293296
}
@@ -299,7 +302,7 @@ static void st_assign(stoken_t * st, const char stype,
299302
size_tlast=len<MSIZE ?len : (MSIZE-1);
300303
st->type= (char)stype;
301304
st->pos=pos;
302-
st->len=len;
305+
st->len=last;
303306
memcpy(st->val,value,last);
304307
st->val[last]=CHAR_NULL;
305308
}
@@ -857,6 +860,25 @@ static size_t parse_xstring(struct libinjection_sqli_state *sf)
857860
returnpos+2+wlen+1;
858861
}
859862

863+
/**
864+
* This handles MS SQLSERVER bracket words
865+
* http://stackoverflow.com/questions/3551284/sql-serverwhat-do-brackets-mean-around-column-name
866+
*
867+
*/
868+
staticsize_tparse_bword(structlibinjection_sqli_state*sf)
869+
{
870+
constchar*cs=sf->s;
871+
size_tpos=sf->pos;
872+
constchar*endptr= (constchar*)memchr(cs+pos,']',sf->slen-pos);
873+
if (endptr==NULL) {
874+
st_assign(sf->current,TYPE_BAREWORD,pos,sf->slen-pos,cs+pos);
875+
returnsf->slen;
876+
}else {
877+
st_assign(sf->current,TYPE_BAREWORD,pos, (endptr-cs)-pos+1,cs+pos);
878+
return (endptr-cs)+1;
879+
}
880+
}
881+
860882
staticsize_tparse_word(structlibinjection_sqli_state*sf)
861883
{
862884
charch;
@@ -865,7 +887,7 @@ static size_t parse_word(struct libinjection_sqli_state * sf)
865887
constchar*cs=sf->s;
866888
size_tpos=sf->pos;
867889
size_twlen=strlencspn(cs+pos,sf->slen-pos,
868-
" {}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
890+
"[]{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
869891

870892
st_assign(sf->current,TYPE_BAREWORD,pos,wlen,cs+pos);
871893

@@ -1720,8 +1742,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
17201742
(sf->tokenvec[left+2].type==TYPE_NUMBER||
17211743
sf->tokenvec[left+2].type==TYPE_BAREWORD||
17221744
sf->tokenvec[left+2].type==TYPE_VARIABLE||
1723-
sf->tokenvec[left+2].type==TYPE_STRING||
1724-
sf->tokenvec[left+2].type==TYPE_FUNCTION )) {
1745+
sf->tokenvec[left+2].type==TYPE_STRING)) {
17251746
/*
17261747
* interesting case turn ", -1" ->> ",1" PLUS we need to back up
17271748
* one token if possible to see if more folding can be done
@@ -1735,6 +1756,19 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
17351756
assert(pos >=3);
17361757
pos-=3;
17371758
continue;
1759+
}elseif (sf->tokenvec[left].type==TYPE_COMMA&&
1760+
st_is_unary_op(&sf->tokenvec[left+1])&&
1761+
sf->tokenvec[left+2].type==TYPE_FUNCTION) {
1762+
1763+
/* Seperate case from above since you end up with
1764+
* 1,-sin(1) --> 1 (1)
1765+
* Here, just do
1766+
* 1,-sin(1) --> 1,sin(1)
1767+
* just remove unary opartor
1768+
*/
1769+
st_copy(&sf->tokenvec[left+1],&sf->tokenvec[left+2]);
1770+
pos-=1;
1771+
continue;
17381772
}elseif ((sf->tokenvec[left].type==TYPE_BAREWORD)&&
17391773
(sf->tokenvec[left+1].type==TYPE_DOT)&&
17401774
(sf->tokenvec[left+2].type==TYPE_BAREWORD)) {
@@ -2132,10 +2166,10 @@ static int reparse_as_mysql(struct libinjection_sqli_state * sql_state)
21322166
/*
21332167
* This function is mostly use with SWIG
21342168
*/
2135-
structlibinjection_sqli_token*libinjection_sqli_get_token(structlibinjection_sqli_state*sql_state,
2136-
inti)
2169+
structlibinjection_sqli_token*
2170+
libinjection_sqli_get_token(structlibinjection_sqli_state*sql_state,inti)
21372171
{
2138-
if (i<0||i>(int)strlen(sql_state->fingerprint)) {
2172+
if (i<0||i>LIBINJECTION_SQLI_MAX_TOKENS) {
21392173
returnNULL;
21402174
}
21412175
return&(sql_state->tokenvec[i]);

‎apache2/libinjection/libinjection_sqli_data.h‎

Lines changed: 10 additions & 2 deletions
@@ -30,6 +30,7 @@ static size_t parse_nqstring(sfilter * sf);
3030
staticsize_tparse_xstring(sfilter*sf);
3131
staticsize_tparse_bstring(sfilter*sf);
3232
staticsize_tparse_estring(sfilter*sf);
33+
staticsize_tparse_bword(sfilter*sf);
3334

3435

3536
typedefsize_t (*pt2Function)(sfilter*sf);
@@ -125,7 +126,7 @@ static const pt2Function char_parse_map[] = {
125126
&parse_xstring,/* 88 */
126127
&parse_word,/* 89 */
127128
&parse_word,/* 90 */
128-
&parse_other,/* 91 */
129+
&parse_bword,/* 91 */
129130
&parse_backslash,/* 92 */
130131
&parse_other,/* 93 */
131132
&parse_operator1,/* 94 */
@@ -618,6 +619,8 @@ static const keyword_t sql_keywords[] = {
618619
{"01&VU;",'F'},
619620
{"01&VUC",'F'},
620621
{"01&VUE",'F'},
622+
{"01(EF(",'F'},
623+
{"01(EKF",'F'},
621624
{"01(EKN",'F'},
622625
{"01(ENK",'F'},
623626
{"01(U(E",'F'},
@@ -3833,6 +3836,7 @@ static const keyword_t sql_keywords[] = {
38333836
{"0N(1OF",'F'},
38343837
{"0N(1OS",'F'},
38353838
{"0N(1OV",'F'},
3839+
{"0N(EF(",'F'},
38363840
{"0N(EKN",'F'},
38373841
{"0N(ENK",'F'},
38383842
{"0N(F()",'F'},
@@ -5525,6 +5529,8 @@ static const keyword_t sql_keywords[] = {
55255529
{"0S&VU;",'F'},
55265530
{"0S&VUC",'F'},
55275531
{"0S&VUE",'F'},
5532+
{"0S(EF(",'F'},
5533+
{"0S(EKF",'F'},
55285534
{"0S(EKN",'F'},
55295535
{"0S(ENK",'F'},
55305536
{"0S(U(E",'F'},
@@ -7713,6 +7719,8 @@ static const keyword_t sql_keywords[] = {
77137719
{"0V&VU;",'F'},
77147720
{"0V&VUC",'F'},
77157721
{"0V&VUE",'F'},
7722+
{"0V(EF(",'F'},
7723+
{"0V(EKF",'F'},
77167724
{"0V(EKN",'F'},
77177725
{"0V(ENK",'F'},
77187726
{"0V(U(E",'F'},
@@ -9871,5 +9879,5 @@ static const keyword_t sql_keywords[] = {
98719879
{"||",'&'},
98729880
{"~*",'o'},
98739881
};
9874-
staticconstsize_tsql_keywords_sz=9705;
9882+
staticconstsize_tsql_keywords_sz=9712;
98759883
#endif
