github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed decoding full-width unicode in t:urlDecodeUni for ASCII range 0xFF01-0xFF5E. Probably need more work/testing. (See #122)

Browse Source
This commit is contained in:
brectanus
2007-05-16 20:09:28 +00:00
parent 97a1718d39
commit eaa8e444dd
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -2,10 +2,13 @@
?? ??? 2007 - 2.2.0-trunk ?? ??? 2007 - 2.2.0-trunk
------------------------- -------------------------
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Only calculate debugging vars when we are debugging (more to come). * Only calculate debugging vars when we are debugging (more to come).
* Removed strnlen() calls for non-GNU platforms. * Removed strnlen() calls for non-GNU platforms.
11 May 2007 - 2.2.0-dev1 11 May 2007 - 2.2.0-dev1
------------------------- -------------------------

14
apache2/msc_util.c
View File

@@ -561,8 +561,18 @@ int urldecode_uni_nonstrict_inplace_ex(unsigned char *input, long int input_len)
if ( (VALID_HEX(input[i + 2]))&&(VALID_HEX(input[i + 3])) if ( (VALID_HEX(input[i + 2]))&&(VALID_HEX(input[i + 3]))
&&(VALID_HEX(input[i + 4]))&&(VALID_HEX(input[i + 5])) ) &&(VALID_HEX(input[i + 4]))&&(VALID_HEX(input[i + 5])) )
{ {
/* We make use of the lower byte here, ignoring the higher byte. */ /* We first make use of the lower byte here, ignoring the higher byte. */
*d++ = x2c(&input[i + 4]); *d = x2c(&input[i + 4]);
/* Full width ASCII (ff01 - ff5e) needs 0x20 added */
if ( (*d > 0x00) && (*d < 0x5f)
&& ((input[i + 2] == 'f') || (input[i + 2] == 'F'))
&& ((input[i + 3] == 'f') || (input[i + 3] == 'F')))
{
*d += 0x20;
}
d++;
count++; count++;
i += 6; i += 6;
} else { } else {