
Commit9c0229c

author
Felipe Zimmerle
committed
Updates libinjection to v3.10.0
1 parent53571a8 commit9c0229c


4 files changed

+473
-163
lines changed


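--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,8 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
-* Updates libinjection to: bf234eb2f385b969c4f803b35fda53cffdd93922
-[Issue #1412 - @zimmerle, @bjdijk]
+* Updates libinjection to v3.10.0
+[Issue #1412 - @client9, @zimmerle and @bjdijk]
 * Avoid log flood while using SecConnEngine
 [Issue #1436 - @victorhora]
 * Make url path absolute for SecHashEngine only when it is relative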

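--- a/apache2/libinjection/libinjection_html5.c
+++ b/apache2/libinjection/libinjection_html5.c
@@ -12,6 +12,7 @@
 
 
 #defineCHAR_EOF -1
+#defineCHAR_NULL 0
 #defineCHAR_BANG 33
 #defineCHAR_DOUBLE 34
 #defineCHAR_PERCENT 37
@@ -23,6 +24,7 @@
 #defineCHAR_GT 62
 #defineCHAR_QUESTION 63
 #defineCHAR_RIGHTB 93
+#defineCHAR_TICK 96
 
 /* prototypes */
 
@@ -41,6 +43,7 @@ static int h5_state_before_attribute_name(h5_state_t* hs);
 staticinth5_state_before_attribute_value(h5_state_t*hs);
 staticinth5_state_attribute_value_double_quote(h5_state_t*hs);
 staticinth5_state_attribute_value_single_quote(h5_state_t*hs);
+staticinth5_state_attribute_value_back_quote(h5_state_t*hs);
 staticinth5_state_attribute_value_no_quote(h5_state_t*hs);
 staticinth5_state_after_attribute_value_quoted_state(h5_state_t*hs);
 staticinth5_state_comment(h5_state_t*hs);
@@ -60,16 +63,28 @@ static int h5_state_doctype(h5_state_t* hs);
 /**
 * public function
 */
-voidlibinjection_h5_init(h5_state_t*hs,constchar*s,size_tlen,intflags)
+voidlibinjection_h5_init(h5_state_t*hs,constchar*s,size_tlen,enumhtml5_flagsflags)
 {
 memset(hs,0,sizeof(h5_state_t));
 hs->s=s;
 hs->len=len;
-hs->state=h5_state_data;
-if (flags==0) {
+
+switch (flags) {
+caseDATA_STATE:
 hs->state=h5_state_data;
-}else {
-assert(0);
+break;
+caseVALUE_NO_QUOTE:
+hs->state=h5_state_before_attribute_name;
+break;
+caseVALUE_SINGLE_QUOTE:
+hs->state=h5_state_attribute_value_single_quote;
+break;
+caseVALUE_DOUBLE_QUOTE:
+hs->state=h5_state_attribute_value_double_quote;
+break;
+caseVALUE_BACK_QUOTE:
+hs->state=h5_state_attribute_value_back_quote;
+break;
 }
 }
 
@@ -85,10 +100,18 @@ int libinjection_h5_next(h5_state_t* hs)
 /**
 * Everything below here is private
 *
-*/
+*/
+
 
 staticinth5_is_white(charch)
 {
+/*
+* \t = horizontal tab = 0x09
+* \n = newline = 0x0A
+* \v = vertical tab = 0x0B
+* \f = form feed = 0x0C
+* \r = cr = 0x0D
+*/
 returnstrchr(" \t\n\v\f\r",ch)!=NULL;
 }
 
@@ -97,9 +120,17 @@ static int h5_skip_white(h5_state_t* hs)
 charch;
 while (hs->pos<hs->len) {
 ch=hs->s[hs->pos];
-if (ch==' ') {
+switch (ch) {
+case0x00:/* IE only */
+case0x20:
+case0x09:
+case0x0A:
+case0x0B:/* IE only */
+case0x0C:
+case0x0D:/* IE only */
 hs->pos+=1;
-}else {
+break;
+default:
 returnch;
 }
 }
@@ -149,6 +180,9 @@ static int h5_state_tag_open(h5_state_t* hs)
 charch;
 
 TRACE();
+if (hs->pos >=hs->len) {
+return0;
+}
 ch=hs->s[hs->pos];
 if (ch==CHAR_BANG) {
 hs->pos+=1;
@@ -167,6 +201,9 @@ static int h5_state_tag_open(h5_state_t* hs)
 returnh5_state_bogus_comment2(hs);
 }elseif ((ch >='a'&&ch <='z')|| (ch >='A'&&ch <='Z')) {
 returnh5_state_tag_name(hs);
+}elseif (ch==CHAR_NULL) {
+/* IE-ism NULL characters are ignored */
+returnh5_state_tag_name(hs);
 }else {
 /* user input mistake in configuring state */
 if (hs->pos==0) {
@@ -197,7 +234,9 @@ static int h5_state_end_tag_open(h5_state_t* hs)
 }elseif ((ch >='a'&&ch <='z')|| (ch >='A'&&ch <='Z')) {
 returnh5_state_tag_name(hs);
 }
-returnh5_state_data(hs);
+
+hs->is_close=0;
+returnh5_state_bogus_comment(hs);
 }
 /*
 *
@@ -231,7 +270,12 @@ static int h5_state_tag_name(h5_state_t* hs)
 pos=hs->pos;
 while (pos<hs->len) {
 ch=hs->s[pos];
-if (h5_is_white(ch)) {
+if (ch==0) {
+/* special non-standard case */
+/* allow nulls in tag name */
+/* some old browsers apparently allow and ignore them */
+pos+=1;
+}elseif (h5_is_white(ch)) {
 hs->token_start=hs->s+hs->pos;
 hs->token_len=pos-hs->pos;
 hs->token_type=TAG_NAME_OPEN;
@@ -299,7 +343,7 @@ static int h5_state_before_attribute_name(h5_state_t* hs)
 default: {
 returnh5_state_attribute_name(hs);
 }
-}
+}
 }
 
 staticinth5_state_attribute_name(h5_state_t*hs)
@@ -308,7 +352,7 @@ static int h5_state_attribute_name(h5_state_t* hs)
 size_tpos;
 
 TRACE();
-pos=hs->pos;
+pos=hs->pos+1;
 while (pos<hs->len) {
 ch=hs->s[pos];
 if (h5_is_white(ch)) {
@@ -358,21 +402,19 @@ static int h5_state_attribute_name(h5_state_t* hs)
 staticinth5_state_after_attribute_name(h5_state_t*hs)
 {
 intc;
-size_tpos;
 
 TRACE();
-pos=hs->pos;
 c=h5_skip_white(hs);
 switch (c) {
 caseCHAR_EOF: {
 return0;
 }
 caseCHAR_SLASH: {
-hs->pos=pos+1;
+hs->pos+=1;
 returnh5_state_self_closing_start_tag(hs);
 }
 caseCHAR_EQUALS: {
-hs->pos=pos+1;
+hs->pos+=1;
 returnh5_state_before_attribute_value(hs);
 }
 caseCHAR_GT: {
@@ -403,6 +445,9 @@ static int h5_state_before_attribute_value(h5_state_t* hs)
 returnh5_state_attribute_value_double_quote(hs);
 }elseif (c==CHAR_SINGLE) {
 returnh5_state_attribute_value_single_quote(hs);
+}elseif (c==CHAR_TICK) {
+/* NON STANDARD IE */
+returnh5_state_attribute_value_back_quote(hs);
 }else {
 returnh5_state_attribute_value_no_quote(hs);
 }
@@ -415,8 +460,16 @@ static int h5_state_attribute_value_quote(h5_state_t* hs, char qchar)
 
 TRACE();
 
-/* skip quote */
-hs->pos+=1;
+/* skip initial quote in normal case.
+* don't do this "if (pos == 0)" since it means we have started
+* in a non-data state. given an input of '><foo
+* we want to make 0-length attribute name
+*/
+if (hs->pos>0) {
+hs->pos+=1;
+}
+
+
 idx= (constchar*)memchr(hs->s+hs->pos,qchar,hs->len-hs->pos);
 if (idx==NULL) {
 hs->token_start=hs->s+hs->pos;
@@ -447,6 +500,13 @@ int h5_state_attribute_value_single_quote(h5_state_t* hs)
 returnh5_state_attribute_value_quote(hs,CHAR_SINGLE);
 }
 
+static
+inth5_state_attribute_value_back_quote(h5_state_t*hs)
+{
+TRACE();
+returnh5_state_attribute_value_quote(hs,CHAR_TICK);
+}
+
 staticinth5_state_attribute_value_no_quote(h5_state_t*hs)
 {
 charch;
@@ -656,10 +716,13 @@ static int h5_state_comment(h5_state_t* hs)
 charch;
 constchar*idx;
 size_tpos;
+size_toffset;
+constchar*end=hs->s+hs->len;
 
 TRACE();
 pos=hs->pos;
 while (1) {
+
 idx= (constchar*)memchr(hs->s+pos,CHAR_DASH,hs->len-pos);
 
 /* did not find anything or has less than 3 chars left */
@@ -670,21 +733,62 @@ static int h5_state_comment(h5_state_t* hs)
 hs->token_type=TAG_COMMENT;
 return1;
 }
-ch=*(idx+1);
+offset=1;
+
+/* skip all nulls */
+while (idx+offset<end&&*(idx+offset)==0) {
+offset+=1;
+}
+if (idx+offset==end) {
+hs->state=h5_state_eof;
+hs->token_start=hs->s+hs->pos;
+hs->token_len=hs->len-hs->pos;
+hs->token_type=TAG_COMMENT;
+return1;
+}
+
+ch=*(idx+offset);
 if (ch!=CHAR_DASH&&ch!=CHAR_BANG) {
 pos= (size_t)(idx-hs->s)+1;
 continue;
 }
-ch=*(idx+2);
+
+/* need to test */
+#if0
+/* skip all nulls */
+while (idx+offset<end&&*(idx+offset)==0) {
+offset+=1;
+}
+if (idx+offset==end) {
+hs->state=h5_state_eof;
+hs->token_start=hs->s+hs->pos;
+hs->token_len=hs->len-hs->pos;
+hs->token_type=TAG_COMMENT;
+return1;
+}
+#endif
+
+offset+=1;
+if (idx+offset==end) {
+hs->state=h5_state_eof;
+hs->token_start=hs->s+hs->pos;
+hs->token_len=hs->len-hs->pos;
+hs->token_type=TAG_COMMENT;
+return1;
+}
+
+
+ch=*(idx+offset);
 if (ch!=CHAR_GT) {
 pos= (size_t)(idx-hs->s)+1;
 continue;
 }
+offset+=1;
 
 /* ends in --> or -!> */
 hs->token_start=hs->s+hs->pos;
 hs->token_len= (size_t)(idx-hs->s)-hs->pos;
-hs->pos= (size_t)(idx+offset-hs->s);
+hs->pos= (size_t)(idx+offset-hs->s);
 hs->state=h5_state_data;
 hs->token_type=TAG_COMMENT;
 return1;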
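Review bot: The new `switch (flags)` in `libinjection_h5_init` has no `default`, and the commit also removes the unconditional `hs->state = h5_state_data;` that used to come before the flag check, so any `flags` value outside the five listed cases leaves `hs->state` as zeroed by the `memset`. C does not confine an `enum html5_flags` argument to its declared enumerators, and `libinjection_h5_next` (its body is outside this diff) presumably calls through `hs->state`, which would then be a null function-pointer call inside the scanner. The old code at least tripped `assert(0)` on an unknown flag; I would add `default: hs->state = h5_state_data; break;` so an unexpected value falls back to a defined state. This file looks like the bundled libinjection copy, so the same change probably belongs upstream.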
