mirror of
https://github.com/nginx/nginx.git
escape " ", "%", and %00-%1F in login and password
parent
4edb1d61e9
commit
d4ff561681
@ -1019,7 +1019,7 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
||||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
/* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t html[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
@ -1039,13 +1039,13 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
||||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", """, "'", %00-%1F, %7F-%FF */
|
||||
/* " ", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t refresh[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */
|
||||
0x000000a5, /* 0000 0000 0000 0000 0000 0000 1010 0101 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
@ -1059,13 +1059,13 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
||||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", %00-%1F */
|
||||
/* " ", "%", %00-%1F */
|
||||
|
||||
static uint32_t memcached[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */
|
||||
0x00000021, /* 0000 0000 0000 0000 0000 0000 0010 0001 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
@ -1079,7 +1079,10 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
};
|
||||
|
||||
static uint32_t *map[] = { uri, args, html, refresh, memcached };
|
||||
/* mail_auth is the same as memcached */
|
||||
|
||||
static uint32_t *map[] =
|
||||
{ uri, args, html, refresh, memcached, memcached };
|
||||
|
||||
|
||||
escape = map[type];
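Review bot: The sixth `map` slot reuses the `memcached` table for `NGX_ESCAPE_MAIL_AUTH`, so the escaping applied to mail logins and passwords is now tied to a table named and maintained for memcached keys, and a later change to one policy silently changes the other. Nothing in the hunk ties the array order to the `NGX_ESCAPE_*` values that index it in `escape = map[type];`. I would state the contract in the comment, e.g. `/* mail_auth is the same as memcached: " ", "%", %00-%1F; order must match NGX_ESCAPE_* */`, or give mail_auth its own table. The last word visible before `map` is `0x00000000`, which appears to be the top of the shared table, so bytes in that range would pass through unescaped; it is worth confirming that this is intended for credentials. The body of ngx_escape_uri continues outside the hunk.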
|
||||
|
@ -155,6 +155,7 @@ u_char *ngx_utf_cpystrn(u_char *dst, u_char *src, size_t n);
|
||||
#define NGX_ESCAPE_HTML 2
|
||||
#define NGX_ESCAPE_REFRESH 3
|
||||
#define NGX_ESCAPE_MEMCACHED 4
|
||||
#define NGX_ESCAPE_MAIL_AUTH 5
|
||||
|
||||
#define NGX_UNESCAPE_URI 1
|
||||
|
||||
|
@ -1251,18 +1251,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
|
||||
static ngx_int_t
|
||||
ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
|
||||
{
|
||||
u_char ch, *p;
|
||||
ngx_uint_t i, n;
|
||||
u_char *p;
|
||||
uintptr_t n;
|
||||
|
||||
n = 0;
|
||||
|
||||
for (i = 0; i < text->len; i++) {
|
||||
ch = text->data[i];
|
||||
|
||||
if (ch == CR || ch == LF) {
|
||||
n++;
|
||||
}
|
||||
}
|
||||
n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
|
||||
|
||||
if (n == 0) {
|
||||
*escaped = *text;
|
||||
@ -1276,28 +1268,10 @@ ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped)
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
(void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH);
|
||||
|
||||
escaped->data = p;
|
||||
|
||||
for (i = 0; i < text->len; i++) {
|
||||
ch = text->data[i];
|
||||
|
||||
if (ch == CR) {
|
||||
*p++ = '%';
|
||||
*p++ = '0';
|
||||
*p++ = 'D';
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ch == LF) {
|
||||
*p++ = '%';
|
||||
*p++ = '0';
|
||||
*p++ = 'A';
|
||||
continue;
|
||||
}
|
||||
|
||||
*p++ = ch;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
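Review bot: ngx_mail_auth_http_escape no longer shows which bytes it encodes, since the set now lives in the escape table selected by `NGX_ESCAPE_MAIL_AUTH` in another file, and the function has no comment saying so. The removed loops encoded only CR and LF, while the new calls also encode space and "%", so a receiver that did not percent-decode login and password will presumably now see `%20` and `%25` where it used to see the raw characters. I would add a comment above the function such as `/* percent-encode " ", "%" and %00-%1F (incl. CR/LF) so the value stays on one line; the auth server must decode %XX */`. The counting call and the writing call must keep passing the same type so the buffer size matches what is written. The length computation and allocation between the two hunks are not visible here.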
|
||||
|
||||
|
@ -434,6 +434,10 @@ ngx_int_t ngx_imap_parse_command(ngx_mail_session_t *s)
|
||||
break;
|
||||
|
||||
case sw_argument:
|
||||
if (ch == ' ' && s->quoted) {
|
||||
break;
|
||||
}
|
||||
|
||||
switch (ch) {
|
||||
case '"':
|
||||
if (!s->quoted) {
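Review bot: The early `break` added under `case sw_argument:` skips the whole inner `switch (ch)` for a space inside a quoted string, but nothing says why a space is special there. A one-line comment would make the intent clear, e.g. `/* a space inside a quoted string is part of the argument, not a separator */`. This also means quoted logins and passwords can now carry spaces further down the pipeline, which is presumably why the same commit starts escaping " " in the auth request. The rest of the `switch` and of ngx_imap_parse_command lies outside the hunk, so how the other branches treat `s->quoted` cannot be checked from here.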
|
||||
|