github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix jsDecode \xHH to verify HH is there and valid hex. See #439.

Browse Source
This commit is contained in:
brectanus 2007-12-19 00:31:08 +00:00
parent 5da9a05d1c
commit d2dee97a31
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apache2/msc_util.c
View File

@ -611,7 +611,8 @@ int js_decode_nonstrict_inplace(unsigned char *input, long int input_len) {
count++;
i += 6;
}
else if ((i + 3 < input_len) && (input[i + 1] == 'x')) {
else if ( (i + 3 < input_len) && (input[i + 1] == 'x')
&& VALID_HEX(input[i + 2]) && VALID_HEX(input[i + 3])) {
/* \xHH */
*d++ = x2c(&input[i + 2]);
count++;