github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-14 07:27:09 +03:00
Code Issues Packages Projects Releases Wiki Activity

ModSecurty-2.5.13-dev2

Browse Source
This commit is contained in:
brenosilva
2010-11-01 13:41:54 +00:00
parent ccbb98e21e
commit 3e715d9bca
11 changed files with 323 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
apache2/re_tfns.c
View File

@@ -25,6 +25,30 @@
#include "re.h"
#include "msc_util.h"
/* Base64 tables used in decodeBase64Ext */
static const char b64_pad = '=';
static const short b64_reverse_t[256] = {
-2, -2, -2, -2, -2, -2, -2, -2, -2, -1, -1, -2, -2, -1, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 62, -2, -2, -2, 63,
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -2, -2, -2, -2, -2, -2,
-2, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -2, -2, -2, -2, -2,
-2, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2
};
/* lowercase */
static int msre_fn_lowercase_execute(apr_pool_t *mptmp, unsigned char *input,
@@ -572,6 +596,95 @@ static int msre_fn_parityOdd7bit_execute(apr_pool_t *mptmp, unsigned char *input
return changed;
}
/*
* \brief Decode Base64 data with special chars
*
* \param plain_text Pointer to plain text data
* \param input Pointer to input data
* \param input_len Input data length
*
* \retval 0 On failure
* \retval string length On Success
*/
int decode_base64_ext(char *plain_text, const char *input, int input_len)
{
const char *encoded = input;
int i = 0, j = 0, k = 0;
int ch = 0;
while ((ch = *encoded++) != '\0' && input_len-- > 0) {
if (ch == b64_pad) {
if (*encoded != '=' && (i % 4) == 1) {
return 0;
}
continue;
}
ch = b64_reverse_t[ch];
if (ch < 0 || ch == -1) {
continue;
} else if (ch == -2) {
return 0;
}
switch(i % 4) {
case 0:
plain_text[j] = ch << 2;
break;
case 1:
plain_text[j++] |= ch >> 4;
plain_text[j] = (ch & 0x0f) << 4;
break;
case 2:
plain_text[j++] |= ch >>2;
plain_text[j] = (ch & 0x03) << 6;
break;
case 3:
plain_text[j++] |= ch;
break;
}
i++;
}
k = j;
if (ch == b64_pad) {
switch(i % 4) {
case 1:
return 0;
case 2:
k++;
case 3:
plain_text[k] = 0;
}
}
plain_text[j] = '\0';
return j;
}
/*
* \brief Base64 transformation function based on RFC2045
*
* \param mptmp Pointer to resource poil
* \param input Pointer to input data
* \param input_len Input data length
* \param rval Pointer to decoded buffer
* \param rval_len Decoded buffer length
*
* \retval 0 On failure
* \retval 1 On Success
*/
static int msre_fn_decodeBase64Ext_execute(apr_pool_t *mptmp, unsigned char *input, long int input_len, char **rval, long int *rval_len)
{
*rval_len = input_len;
*rval = apr_palloc(mptmp, *rval_len);
*rval_len = decode_base64_ext(*rval, (const char *)input, input_len);
return *rval_len ? 1 : 0;
}
/* ------------------------------------------------------------------------------ */
/**
@@ -775,4 +888,11 @@ void msre_engine_register_default_tfns(msre_engine *engine) {
"urlEncode",
msre_fn_urlEncode_execute
);
/* decodeBase64Ext */
msre_engine_tfn_register(engine,
"decodeBase64Ext",
msre_fn_decodeBase64Ext_execute
);
}