libinjection sync

2025-08-14 13:56:01 +03:00 · 2013-10-18 14:18:55 +09:00 · 2013-10-18 14:18:55 +09:00 · a5f175d79f
commit a5f175d79f
parent fcb6dc13ed
2 changed files with 44 additions and 18 deletions
--- a/apache2/libinjection/libinjection.h
+++ b/apache2/libinjection/libinjection.h
@ -14,13 +14,6 @@
 extern "C" {
 #endif

-/*
- * Version info.
- * See python's normalized version
- * http://www.python.org/dev/peps/pep-0386/#normalizedversion
- */
-#define LIBINJECTION_VERSION "3.7.1"
-
 /**
 * Libinjection's sqli module makes a "normalized"
 * value of the token.  This is the maximum size
@ -202,6 +195,20 @@ struct libinjection_sqli_token* libinjection_sqli_get_token(

 typedef struct libinjection_sqli_state sfilter;

+
+/*
+ * Version info.
+ *
+ * This is moved into a function to allow SWIG and other auto-generated
+ * binding to not be modified during minor release changes.  We change
+ * change the version number in the c source file, and not regenerated
+ * the binding
+ *
+ * See python's normalized version
+ * http://www.python.org/dev/peps/pep-0386/#normalizedversion
+ */
+const char* libinjection_version();
+
 /**
 *
 */
--- a/apache2/libinjection/libinjection_sqli.c
+++ b/apache2/libinjection/libinjection_sqli.c
@ -14,6 +14,8 @@
 #include <assert.h>
 #include <stddef.h>

+#define LIBINJECTION_VERSION "3.8.0"
+
 #ifndef TRUE
 #define TRUE 1
 #endif
@ -887,7 +889,7 @@ static size_t parse_word(struct libinjection_sqli_state * sf)
    const char *cs = sf->s;
    size_t pos = sf->pos;
    size_t wlen = strlencspn(cs + pos, sf->slen - pos,
-                             " []{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
+                             " []{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\240\000");

    st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos);

@ -1187,6 +1189,16 @@ static size_t parse_number(struct libinjection_sqli_state * sf)
    return pos;
 }

+/*
+ * API to return version.  This allows us to increment the version
+ * without having to regenerated the SWIG (or other binding) in minor
+ * releases.
+ */
+const char* libinjection_version()
+{
+    return LIBINJECTION_VERSION;
+}
+
 int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf)
 {
    pt2Function fnptr;
@ -1218,7 +1230,7 @@ int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf)
        /*
         * get current character
         */
-        const unsigned ch = (unsigned int) (s[*pos]);
+        const unsigned char ch = (unsigned int) (s[*pos]);

        /*
         * if not ascii, then continue...
@ -1226,16 +1238,23 @@ int libinjection_sqli_tokenize(struct libinjection_sqli_state * sf)
         *   it's a string
         */
        if (ch > 127) {
-            fnptr = parse_word;
-        } else {

-        /*
-         * look up the parser, and call it
-         *
-         * Porting Note: this is mapping of char to function
-         *   charparsers[ch]()
-         */
-        fnptr = char_parse_map[ch];
+            /* 160 or 0xA0 or octal 240 is "latin1 non-breaking space"
+             * but is treated as a space in mysql.
+             */
+            if (ch == 160) {
+                fnptr = parse_white;
+            } else {
+                fnptr = parse_word;
+            }
+        } else {
+            /*
+             * look up the parser, and call it
+             *
+             * Porting Note: this is mapping of char to function
+             *   charparsers[ch]()
+             */
+            fnptr = char_parse_map[ch];
        }
        *pos = (*fnptr) (sf);