commit 05d1951: [Minor] Implement backslashes replacement while we normalise http paths
Vsevolod Stakhov
vsevolod at highsecure.ru
Fri Jul 30 10:28:05 UTC 2021
Author: Vsevolod Stakhov
Date: 2021-07-30 11:25:40 +0100
URL: https://github.com/rspamd/rspamd/commit/05d1951b5cfb9b72378eb3c1bdfdaa025b355789 (HEAD -> master)
[Minor] Implement backslashes replacement while we normalise http paths
---
src/libserver/http/http_util.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/libserver/http/http_util.c b/src/libserver/http/http_util.c
index fd5adb3c1..e6ba314d0 100644
--- a/src/libserver/http/http_util.c
+++ b/src/libserver/http/http_util.c
@@ -312,7 +312,8 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen)
st_got_dot_dot,
st_got_slash,
st_got_slash_slash,
- } state = st_normal;
+ st_replace_backslash,
+ } state = st_normal, next_state;
p = path;
end = path + len;
@@ -329,6 +330,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen)
state = st_got_dot;
dot = p;
}
+ else if (G_UNLIKELY (*p == '\\')) {
+ state = st_replace_backslash;
+ next_state = st_normal;
+ continue;
+ }
else {
*o++ = *p;
}
@@ -340,6 +346,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen)
*o++ = *p;
state = st_got_slash_slash;
}
+ else if (G_UNLIKELY (*p == '\\')) {
+ state = st_replace_backslash;
+ next_state = st_got_slash;
+ continue;
+ }
else if (G_UNLIKELY (*p == '.')) {
dot = p;
state = st_got_dot;
@@ -375,6 +386,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen)
/* Ignore last slash */
state = st_normal;
}
+ else if (G_UNLIKELY (*p == '\\')) {
+ state = st_replace_backslash;
+ next_state = st_got_dot;
+ continue;
+ }
else if (*p == '.') {
/* Double dot character */
state = st_got_dot_dot;
@@ -436,6 +452,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen)
continue;
}
}
+ else if (G_UNLIKELY (*p == '\\')) {
+ state = st_replace_backslash;
+ next_state = st_got_dot_dot;
+ continue;
+ }
else {
/* We have something like ..bla or ... */
if (slash) {
@@ -455,6 +476,14 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen)
p ++;
break;
+ case st_replace_backslash:
+ /*
+ * Replace backslash and return to the previous state as it was
+ * a normal slash
+ */
+ *(gchar *)p = '/';
+ state = next_state;
+ break;
}
}
More information about the Commits
mailing list