Commita4724df

author
Felipe Zimmerle
committed
Updates the libinjection
1 parent2c07a17 commita4724df

7 files changed

+1158
-702
lines changed

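--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
+* Updates libinjection to: da027ab52f9cf14401dd92e34e6683d183bdb3b4
+[ModSecurity team]
 * {dis|en}able-handler-logging: Option to disable logging of Apache handler
 in audit log
 [Issue #1070, #1381 - Marc Stern]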

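--- a/apache2/libinjection/libinjection.h
+++ b/apache2/libinjection/libinjection.h
@@ -1,14 +1,14 @@
 /**
-* Copyright 2012, 2013 Nick Galbreath
+* Copyright 2012-2016 Nick Galbreath
 * nickg@client9.com
 * BSD License -- see COPYING.txt for details
 *
 * https://libinjection.client9.com/
 *
 */
 
-#ifndef_LIBINJECTION_H
-#define_LIBINJECTION_H
+#ifndefLIBINJECTION_H
+#defineLIBINJECTION_H
 
 #ifdef__cplusplus
 # defineLIBINJECTION_BEGIN_DECLS extern "C" {
@@ -49,9 +49,9 @@ const char* libinjection_version(void);
 */
 intlibinjection_sqli(constchar*s,size_tslen,charfingerprint[]);
 
-/** ALPHA version of xss detector.
+/** ALPHA version of xss detector.
 *
-* NOT DONE.
+* NOT DONE.
 *
 * \param[in] s input string, may contain nulls, does not need to be null-terminated
 * \param[in] slen input string length
@@ -62,4 +62,4 @@ int libinjection_xss(const char* s, size_t slen);
 
 LIBINJECTION_END_DECLS
 
-#endif/*_LIBINJECTION_H */
+#endif/*LIBINJECTION_H */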

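--- a/apache2/libinjection/libinjection_html5.c
+++ b/apache2/libinjection/libinjection_html5.c
@@ -71,20 +71,20 @@ void libinjection_h5_init(h5_state_t* hs, const char* s, size_t len, enum html5_
 
 switch (flags) {
 caseDATA_STATE:
-hs->state=h5_state_data;
-break;
+hs->state=h5_state_data;
+break;
 caseVALUE_NO_QUOTE:
-hs->state=h5_state_before_attribute_name;
-break;
+hs->state=h5_state_before_attribute_name;
+break;
 caseVALUE_SINGLE_QUOTE:
-hs->state=h5_state_attribute_value_single_quote;
-break;
+hs->state=h5_state_attribute_value_single_quote;
+break;
 caseVALUE_DOUBLE_QUOTE:
-hs->state=h5_state_attribute_value_double_quote;
-break;
+hs->state=h5_state_attribute_value_double_quote;
+break;
 caseVALUE_BACK_QUOTE:
-hs->state=h5_state_attribute_value_back_quote;
-break;
+hs->state=h5_state_attribute_value_back_quote;
+break;
 }
 }
 
@@ -100,10 +100,18 @@ int libinjection_h5_next(h5_state_t* hs)
 /**
 * Everything below here is private
 *
-*/
+*/
+
 
 staticinth5_is_white(charch)
 {
+/*
+* \t = horizontal tab = 0x09
+* \n = newline = 0x0A
+* \v = vertical tab = 0x0B
+* \f = form feed = 0x0C
+* \r = cr = 0x0D
+*/
 returnstrchr(" \t\n\v\f\r",ch)!=NULL;
 }
 
@@ -112,19 +120,19 @@ static int h5_skip_white(h5_state_t* hs)
 charch;
 while (hs->pos<hs->len) {
 ch=hs->s[hs->pos];
-switch (ch) {
-case0x00:/* IE only */
-case0x20:
-case0x09:
-case0x0A:
-case0x0B:/* IE only */
-case0x0C:
+switch (ch) {
+case0x00:/* IE only */
+case0x20:
+case0x09:
+case0x0A:
+case0x0B:/* IE only */
+case0x0C:
 case0x0D:/* IE only */
 hs->pos+=1;
-break;
-default:
+break;
+default:
 returnch;
-}
+}
 }
 returnCHAR_EOF;
 }
@@ -259,12 +267,12 @@ static int h5_state_tag_name(h5_state_t* hs)
 pos=hs->pos;
 while (pos<hs->len) {
 ch=hs->s[pos];
-if (ch==0) {
-/* special non-standard case */
-/* allow nulls in tag name */
-/* some old browsers apparently allow and ignore them */
-pos+=1;
-}elseif (h5_is_white(ch)) {
+if (ch==0) {
+/* special non-standard case */
+/* allow nulls in tag name */
+/* some old browsers apparently allow and ignore them */
+pos+=1;
+}elseif (h5_is_white(ch)) {
 hs->token_start=hs->s+hs->pos;
 hs->token_len=pos-hs->pos;
 hs->token_type=TAG_NAME_OPEN;
@@ -332,7 +340,7 @@ static int h5_state_before_attribute_name(h5_state_t* hs)
 default: {
 returnh5_state_attribute_name(hs);
 }
-}
+}
 }
 
 staticinth5_state_attribute_name(h5_state_t*hs)
@@ -450,12 +458,12 @@ static int h5_state_attribute_value_quote(h5_state_t* hs, char qchar)
 TRACE();
 
 /* skip initial quote in normal case.
-*dont do thisispos == 0 since it means we have started
+*don't do this"if (pos == 0)" since it means we have started
 * in a non-data state. given an input of '><foo
 * we want to make 0-length attribute name
 */
 if (hs->pos>0) {
-hs->pos+=1;
+hs->pos+=1;
 }
 
 
@@ -705,10 +713,13 @@ static int h5_state_comment(h5_state_t* hs)
 charch;
 constchar*idx;
 size_tpos;
+size_toffset;
+constchar*end=hs->s+hs->len;
 
 TRACE();
 pos=hs->pos;
 while (1) {
+
 idx= (constchar*)memchr(hs->s+pos,CHAR_DASH,hs->len-pos);
 
 /* did not find anything or has less than 3 chars left */
@@ -719,21 +730,62 @@ static int h5_state_comment(h5_state_t* hs)
 hs->token_type=TAG_COMMENT;
 return1;
 }
-ch=*(idx+1);
+offset=1;
+
+/* skip all nulls */
+while (idx+offset<end&&*(idx+offset)==0) {
+offset+=1;
+}
+if (idx+offset==end) {
+hs->state=h5_state_eof;
+hs->token_start=hs->s+hs->pos;
+hs->token_len=hs->len-hs->pos;
+hs->token_type=TAG_COMMENT;
+return1;
+}
+
+ch=*(idx+offset);
 if (ch!=CHAR_DASH&&ch!=CHAR_BANG) {
 pos= (size_t)(idx-hs->s)+1;
 continue;
 }
-ch=*(idx+2);
+
+/* need to test */
+#if0
+/* skip all nulls */
+while (idx+offset<end&&*(idx+offset)==0) {
+offset+=1;
+}
+if (idx+offset==end) {
+hs->state=h5_state_eof;
+hs->token_start=hs->s+hs->pos;
+hs->token_len=hs->len-hs->pos;
+hs->token_type=TAG_COMMENT;
+return1;
+}
+#endif
+
+offset+=1;
+if (idx+offset==end) {
+hs->state=h5_state_eof;
+hs->token_start=hs->s+hs->pos;
+hs->token_len=hs->len-hs->pos;
+hs->token_type=TAG_COMMENT;
+return1;
+}
+
+
+ch=*(idx+offset);
 if (ch!=CHAR_GT) {
 pos= (size_t)(idx-hs->s)+1;
 continue;
 }
+offset+=1;
 
 /* ends in --> or -!> */
 hs->token_start=hs->s+hs->pos;
 hs->token_len= (size_t)(idx-hs->s)-hs->pos;
-hs->pos= (size_t)(idx-hs->s)+3;
+hs->pos= (size_t)(idx+offset-hs->s);
 hs->state=h5_state_data;
 hs->token_type=TAG_COMMENT;
 return1;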
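Review bot: In h5_state_comment the second "skip all nulls" loop is committed disabled under `#if 0` with only `/* need to test */`, so the tokenizer now skips NUL bytes between the first `-` and the following `-`/`!` but not between that character and `>`. For a detector that has to follow lenient browser parsing, an undocumented asymmetry like this is a place where the tokenizer and a real parser can disagree about where a comment ends, which would surface as a missed detection rather than a crash. Either enable the block together with regression cases covering NULs in both positions, or delete it and record the decision in a comment such as `/* NULs are skipped only before the second '-' or '!', not before '>' (untested) */`. The end-of-input block that sets `h5_state_eof` and `TAG_COMMENT` now appears three times in the live code and would read better as one static helper. The `idx` guard between the declarations and `offset=1;` lies outside the displayed hunks, so whether its "less than 3 chars left" bound still fits the now variable-length terminator should be confirmed against the full function.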
