static sp_reason spdist(const char *s, const char *t)
{
for (; ap_tolower(*s) == ap_tolower(*t); t++, s++) {
if (*t == '\0') {
return SP_MISCAPITALIZED; /* exact match (sans case) */
}
}
if (*s) {
if (*t) {
if (s[1] && t[1] && ap_tolower(*s) == ap_tolower(t[1])
&& ap_tolower(*t) == ap_tolower(s[1])
&& strcasecmp(s + 2, t + 2) == 0) {
return SP_TRANSPOSITION; /* transposition */
}
if (strcasecmp(s + 1, t + 1) == 0) {
return SP_SIMPLETYPO; /* 1 char mismatch */
}
}
if (strcasecmp(s + 1, t) == 0) {
return SP_EXTRACHAR; /* extra character */
}
}
if (*t && strcasecmp(s, t + 1) == 0) {
return SP_MISSINGCHAR; /* missing character */
}
return SP_VERYDIFFERENT; /* distance too large to fix. */
}
static const char *rangematch(const char *pattern, int test, int flags)
{
int negate, ok;
char c, c2;
/*
* A bracket expression starting with an unquoted circumflex
* character produces unspecified results (IEEE 1003.2-1992,
* 3.13.2). This implementation treats it like '!', for
* consistency with the regular expression syntax.
* J.T. Conklin ([email protected])
*/
if ((negate = (*pattern == '!' || *pattern == '^'))) {
++pattern;
}
for (ok = 0; (c = *pattern++) != ']';) {
if (c == '\\' && !(flags & FNM_NOESCAPE)) {
c = *pattern++;
}
if (c == EOS) {
return (NULL);
}
if (*pattern == '-' && (c2 = *(pattern + 1)) != EOS && c2 != ']') {
pattern += 2;
if (c2 == '\\' && !(flags & FNM_NOESCAPE)) {
c2 = *pattern++;
}
if (c2 == EOS) {
return (NULL);
}
if ((c <= test && test <= c2)
|| ((flags & FNM_CASE_BLIND)
&& ((ap_tolower(c) <= ap_tolower(test))
&& (ap_tolower(test) <= ap_tolower(c2))))) {
ok = 1;
}
}
else if ((c == test)
|| ((flags & FNM_CASE_BLIND)
&& (ap_tolower(c) == ap_tolower(test)))) {
ok = 1;
}
}
return (ok == negate ? NULL : pattern);
}
char *get_tag(int tagbuf_len)
{
char *tag_val, c, term;
t = 0;
--tagbuf_len;
do {
GET_CHAR(c, NULL);
} while (ap_isspace(c));
if (c == '-') {
GET_CHAR(c, NULL);
if (c == '-') {
do {
GET_CHAR(c, NULL);
} while (ap_isspace(c));
if (c == '>') {
ap_cpystrn(tag, "done", tagbuf_len);
return tag;
}
}
return NULL;
}
while (1) {
if (t == tagbuf_len) {
tag[t] = EOS;
return NULL;
}
if (c == '=' || ap_isspace(c)) {
break;
}
tag[t] = ap_tolower(c);
t++;
GET_CHAR(c, NULL);
}
tag[t] = EOS;
t++;
tag_val = tag + t;
while (ap_isspace(c)) {
GET_CHAR(c, NULL);
}
if (c != '=') {
return NULL;
}
do {
GET_CHAR(c, NULL);
} while (ap_isspace(c));
if (c != '"' && c != '\'') {
return NULL;
}
term = c;
while (1) {
GET_CHAR(c, NULL);
if (t == tagbuf_len) { /* Suppose t == tagbuf_len - 1 */
tag[t] = EOS;
return NULL;
}
if (c == '\\') {
GET_CHAR(c, NULL);
if (c != term) {
/* OK */
tag[t] = '\\';
t++;
if (t == tagbuf_len) {
/* OK */
__TESTCLAIM_1:
tag[t] = EOS;
return NULL;
}
}
}
else if (c == term) {
break;
}
/* OK */
tag[t] = c;
t++; /* Now t == tagbuf_len + 1
* So the bounds check (t == tagbuf_len) will fail */
}
/* OK */
tag[t] = EOS;
return tag;
}
API_EXPORT(int) ap_fnmatch(const char *pattern, const char *string, int flags)
{
const char *stringstart;
char c, test;
for (stringstart = string;;) {
switch (c = *pattern++) {
case EOS:
return (*string == EOS ? 0 : FNM_NOMATCH);
case '?':
if (*string == EOS) {
return (FNM_NOMATCH);
}
if (*string == '/' && (flags & FNM_PATHNAME)) {
return (FNM_NOMATCH);
}
if (*string == '.' && (flags & FNM_PERIOD) &&
(string == stringstart ||
((flags & FNM_PATHNAME) && *(string - 1) == '/'))) {
return (FNM_NOMATCH);
}
++string;
break;
case '*':
c = *pattern;
/* Collapse multiple stars. */
while (c == '*') {
c = *++pattern;
}
if (*string == '.' && (flags & FNM_PERIOD) &&
(string == stringstart ||
((flags & FNM_PATHNAME) && *(string - 1) == '/'))) {
return (FNM_NOMATCH);
}
/* Optimize for pattern with * at end or before /. */
if (c == EOS) {
if (flags & FNM_PATHNAME) {
return (strchr(string, '/') == NULL ? 0 : FNM_NOMATCH);
}
else {
return (0);
}
}
else if (c == '/' && flags & FNM_PATHNAME) {
if ((string = strchr(string, '/')) == NULL) {
return (FNM_NOMATCH);
}
break;
}
/* General case, use recursion. */
while ((test = *string) != EOS) {
if (!ap_fnmatch(pattern, string, flags & ~FNM_PERIOD)) {
return (0);
}
if (test == '/' && flags & FNM_PATHNAME) {
break;
}
++string;
}
return (FNM_NOMATCH);
case '[':
if (*string == EOS) {
return (FNM_NOMATCH);
}
if (*string == '/' && flags & FNM_PATHNAME) {
return (FNM_NOMATCH);
}
if (*string == '.' && (flags & FNM_PERIOD) &&
(string == stringstart ||
((flags & FNM_PATHNAME) && *(string - 1) == '/'))) {
return (FNM_NOMATCH);
}
if ((pattern = rangematch(pattern, *string, flags)) == NULL) {
return (FNM_NOMATCH);
}
++string;
break;
case '\\':
if (!(flags & FNM_NOESCAPE)) {
if ((c = *pattern++) == EOS) {
c = '\\';
--pattern;
}
}
/* FALLTHROUGH */
default:
if (flags & FNM_CASE_BLIND) {
if (ap_tolower(c) != ap_tolower(*string)) {
return (FNM_NOMATCH);
}
}
else if (c != *string) {
return (FNM_NOMATCH);
}
string++;
break;
}
/* NOTREACHED */
}
}
char *get_tag(char *tag , int tagbuf_len )
{ char *tag_val ;
char c ;
char term ;
int t ;
int tmp ;
int tmp___0 ;
int tmp___1 ;
int tmp___2 ;
int tmp___3 ;
int tmp___4 ;
int tmp___5 ;
int tmp___6 ;
int tmp___7 ;
int tmp___8 ;
int tmp___9 ;
int tmp___10 ;
int tmp___11 ;
int tmp___12 ;
int __cil_tmp21 ;
int __cil_tmp22 ;
int __cil_tmp23 ;
void *__cil_tmp24 ;
char *__cil_tmp25 ;
void *__cil_tmp26 ;
int __cil_tmp27 ;
char *__cil_tmp28 ;
char *__cil_tmp29 ;
int __cil_tmp30 ;
void *__cil_tmp31 ;
int __cil_tmp32 ;
int __cil_tmp33 ;
void *__cil_tmp34 ;
char *__cil_tmp35 ;
void *__cil_tmp36 ;
int __cil_tmp37 ;
int __cil_tmp38 ;
int __cil_tmp39 ;
int __cil_tmp40 ;
char *__cil_tmp41 ;
char *__cil_tmp42 ;
void *__cil_tmp43 ;
int __cil_tmp44 ;
int __cil_tmp45 ;
int __cil_tmp46 ;
char *__cil_tmp47 ;
char *__cil_tmp48 ;
{
#line 9
t = 0;
#line 11
tagbuf_len = tagbuf_len - 1;
{
#line 13
while (1) {
while_0_continue: /* CIL Label */ ;
{
#line 14
tmp = __VERIFIER_nondet_char();
#line 14
c = (char )tmp;
#line 13
tmp___0 = ap_isspace(c);
}
#line 13
if (tmp___0) {
} else {
goto while_0_break;
}
}
while_0_break: /* CIL Label */ ;
}
{
#line 17
__cil_tmp21 = (int )c;
#line 17
if (__cil_tmp21 == 45) {
{
#line 18
tmp___1 = __VERIFIER_nondet_char();
#line 18
c = (char )tmp___1;
}
{
#line 19
__cil_tmp22 = (int )c;
#line 19
if (__cil_tmp22 == 45) {
{
#line 20
while (1) {
while_1_continue: /* CIL Label */ ;
{
#line 21
tmp___2 = __VERIFIER_nondet_char();
#line 21
c = (char )tmp___2;
#line 20
tmp___3 = ap_isspace(c);
}
#line 20
if (tmp___3) {
} else {
goto while_1_break;
}
}
while_1_break: /* CIL Label */ ;
}
{
#line 23
__cil_tmp23 = (int )c;
#line 23
if (__cil_tmp23 == 62) {
{
#line 24
ap_cpystrn(tag, "done", tagbuf_len);
}
#line 25
return (tag);
} else {
}
}
} else {
}
}
{
#line 28
__cil_tmp24 = (void *)0;
#line 28
return ((char *)__cil_tmp24);
}
} else {
}
}
{
#line 31
while (1) {
while_2_continue: /* CIL Label */ ;
#line 32
if (t == tagbuf_len) {
#line 33
__cil_tmp25 = tag + t;
#line 33
*__cil_tmp25 = (char)0;
{
#line 34
__cil_tmp26 = (void *)0;
#line 34
return ((char *)__cil_tmp26);
}
} else {
}
{
#line 36
__cil_tmp27 = (int )c;
#line 36
if (__cil_tmp27 == 61) {
goto while_2_break;
} else {
{
#line 36
tmp___4 = ap_isspace(c);
}
#line 36
if (tmp___4) {
goto while_2_break;
} else {
}
}
}
{
#line 39
tmp___5 = ap_tolower(c);
#line 39
__cil_tmp28 = tag + t;
#line 39
*__cil_tmp28 = (char )tmp___5;
#line 40
t = t + 1;
#line 41
tmp___6 = __VERIFIER_nondet_char();
#line 41
c = (char )tmp___6;
}
}
while_2_break: /* CIL Label */ ;
}
#line 44
__cil_tmp29 = tag + t;
#line 44
*__cil_tmp29 = (char)0;
#line 45
t = t + 1;
#line 46
tag_val = tag + t;
{
#line 48
while (1) {
while_3_continue: /* CIL Label */ ;
{
#line 48
tmp___8 = ap_isspace(c);
}
#line 48
if (tmp___8) {
} else {
goto while_3_break;
}
{
#line 49
tmp___7 = __VERIFIER_nondet_char();
#line 49
c = (char )tmp___7;
}
}
while_3_break: /* CIL Label */ ;
}
{
#line 51
__cil_tmp30 = (int )c;
#line 51
if (__cil_tmp30 != 61) {
{
#line 52
__cil_tmp31 = (void *)0;
#line 52
return ((char *)__cil_tmp31);
}
} else {
}
}
{
#line 55
while (1) {
while_4_continue: /* CIL Label */ ;
{
#line 56
tmp___9 = __VERIFIER_nondet_char();
#line 56
c = (char )tmp___9;
#line 55
tmp___10 = ap_isspace(c);
}
#line 55
if (tmp___10) {
} else {
goto while_4_break;
}
}
while_4_break: /* CIL Label */ ;
}
{
#line 59
__cil_tmp32 = (int )c;
#line 59
if (__cil_tmp32 != 34) {
{
#line 59
__cil_tmp33 = (int )c;
#line 59
if (__cil_tmp33 != 39) {
{
#line 60
__cil_tmp34 = (void *)0;
#line 60
return ((char *)__cil_tmp34);
}
} else {
}
}
} else {
}
}
#line 62
term = c;
{
#line 63
while (1) {
while_5_continue: /* CIL Label */ ;
{
#line 64
tmp___11 = __VERIFIER_nondet_char();
#line 64
c = (char )tmp___11;
}
#line 65
if (t == tagbuf_len) {
#line 66
__cil_tmp35 = tag + t;
#line 66
*__cil_tmp35 = (char)0;
{
#line 67
__cil_tmp36 = (void *)0;
#line 67
return ((char *)__cil_tmp36);
}
} else {
}
{
#line 70
__cil_tmp37 = (int )c;
#line 70
if (__cil_tmp37 == 92) {
{
#line 71
tmp___12 = __VERIFIER_nondet_char();
#line 71
c = (char )tmp___12;
}
{
#line 72
__cil_tmp38 = (int )term;
#line 72
__cil_tmp39 = (int )c;
#line 72
if (__cil_tmp39 != __cil_tmp38) {
{
#line 74
__cil_tmp40 = t + 1;
#line 74
if (__cil_tmp40 < tagbuf_len) {
} else {
{
#line 74
__assert_fail("t + 1 < tagbuf_len", "../versisec/apache/progs/apacheCVE-2004-0940get_tag_iter1_prefixLong_arr_ok.c",
74U, "get_tag");
}
}
}
#line 77
__cil_tmp41 = tag + t;
#line 77
*__cil_tmp41 = (char )'\\';
#line 78
t = t + 1;
#line 79
if (t == tagbuf_len) {
#line 81
__cil_tmp42 = tag + t;
#line 81
*__cil_tmp42 = (char)0;
{
#line 82
__cil_tmp43 = (void *)0;
#line 82
return ((char *)__cil_tmp43);
}
} else {
}
} else {
}
}
} else {
{
#line 86
__cil_tmp44 = (int )term;
#line 86
__cil_tmp45 = (int )c;
#line 86
if (__cil_tmp45 == __cil_tmp44) {
goto while_5_break;
} else {
}
}
}
}
{
#line 91
__cil_tmp46 = t + 2;
#line 91
if (__cil_tmp46 < tagbuf_len) {
} else {
{
#line 91
__assert_fail("t + 2 < tagbuf_len", "../versisec/apache/progs/apacheCVE-2004-0940get_tag_iter1_prefixLong_arr_ok.c",
91U, "get_tag");
}
}
}
#line 94
__cil_tmp47 = tag + t;
#line 94
*__cil_tmp47 = c;
#line 95
t = t + 1;
}
while_5_break: /* CIL Label */ ;
}
#line 99
__cil_tmp48 = tag + t;
#line 99
*__cil_tmp48 = (char)0;
#line 101
return (tag);
}
}
static void vhost_alias_interpolate(request_rec *r, const char *name,
const char *map, const char *uri)
{
/* 0..9 9..0 */
enum { MAXDOTS = 19 };
const char *dots[MAXDOTS+1];
int ndots;
char buf[HUGE_STRING_LEN];
char *dest, last;
int N, M, Np, Mp, Nd, Md;
const char *start, *end;
const char *p;
ndots = 0;
dots[ndots++] = name-1; /* slightly naughty */
for (p = name; *p; ++p){
if (*p == '.' && ndots < MAXDOTS) {
dots[ndots++] = p;
}
}
dots[ndots] = p;
r->filename = NULL;
dest = buf;
last = '\0';
while (*map) {
if (*map != '%') {
/* normal characters */
vhost_alias_checkspace(r, buf, &dest, 1);
last = *dest++ = *map++;
continue;
}
/* we are in a format specifier */
++map;
/* can't be a slash */
last = '\0';
/* %% -> % */
if (*map == '%') {
++map;
vhost_alias_checkspace(r, buf, &dest, 1);
*dest++ = '%';
continue;
}
/* port number */
if (*map == 'p') {
++map;
/* no. of decimal digits in a short plus one */
vhost_alias_checkspace(r, buf, &dest, 7);
dest += ap_snprintf(dest, 7, "%d", ap_get_server_port(r));
continue;
}
/* deal with %-N+.-M+ -- syntax is already checked */
N = M = 0; /* value */
Np = Mp = 0; /* is there a plus? */
Nd = Md = 0; /* is there a dash? */
if (*map == '-') ++map, Nd = 1;
N = *map++ - '0';
if (*map == '+') ++map, Np = 1;
if (*map == '.') {
++map;
if (*map == '-') {
++map, Md = 1;
}
M = *map++ - '0';
if (*map == '+') {
++map, Mp = 1;
}
}
/* note that N and M are one-based indices, not zero-based */
start = dots[0]+1; /* ptr to the first character */
end = dots[ndots]; /* ptr to the character after the last one */
if (N != 0) {
if (N > ndots) {
start = "_";
end = start+1;
}
else if (!Nd) {
start = dots[N-1]+1;
if (!Np) {
end = dots[N];
}
}
else {
if (!Np) {
start = dots[ndots-N]+1;
}
end = dots[ndots-N+1];
}
}
if (M != 0) {
if (M > end - start) {
start = "_";
end = start+1;
}
else if (!Md) {
start = start+M-1;
if (!Mp) {
end = start+1;
}
}
else {
if (!Mp) {
start = end-M;
}
end = end-M+1;
}
}
vhost_alias_checkspace(r, buf, &dest, end - start);
for (p = start; p < end; ++p) {
*dest++ = ap_tolower(*p);
}
}
*dest = '\0';
/* no double slashes */
if (last == '/') {
++uri;
}
if (r->filename) {
r->filename = ap_pstrcat(r->pool, r->filename, buf, uri, NULL);
}
else {
r->filename = ap_pstrcat(r->pool, buf, uri, NULL);
}
}