/* Escape control chars */ char *mbox_cntrl_escape(apr_pool_t *p, char *s) { int i, j; char *x; /* first, count the number of extra characters */ for (i = 0, j = 0; s[i] != '\0'; i++) if (apr_iscntrl(s[i])) j += 5; if (j == 0) return s; x = apr_palloc(p, i + j + 1); for (i = 0, j = 0; s[i] != '\0'; i++, j++) { if (apr_iscntrl(s[i])) { snprintf(&x[j], 7, "&#%3.3d;", (unsigned char)s[i]); j += 5; } else x[j] = s[i]; } x[j] = '\0'; return x; }
int main(int argc, char *argv[]) { unsigned c; unsigned char flags; printf("/* this file is automatically generated by gen_test_char, " "do not edit */\n" "#define T_ESCAPE_SHELL_CMD (%u)\n" "#define T_ESCAPE_PATH_SEGMENT (%u)\n" "#define T_OS_ESCAPE_PATH (%u)\n" "#define T_HTTP_TOKEN_STOP (%u)\n" "#define T_ESCAPE_LOGITEM (%u)\n" "#define T_ESCAPE_FORENSIC (%u)\n" "\n" "static const unsigned char test_char_table[256] = {", T_ESCAPE_SHELL_CMD, T_ESCAPE_PATH_SEGMENT, T_OS_ESCAPE_PATH, T_HTTP_TOKEN_STOP, T_ESCAPE_LOGITEM, T_ESCAPE_FORENSIC); for (c = 0; c < 256; ++c) { flags = 0; if (c % 20 == 0) printf("\n "); /* escape_shell_cmd */ #ifdef NEED_ENHANCED_ESCAPES /* Win32/OS2 have many of the same vulnerable characters * as Unix sh, plus the carriage return and percent char. * The proper escaping of these characters varies from unix * since Win32/OS2 use carets or doubled-double quotes, * and neither lf nor cr can be escaped. We escape unix * specific as well, to assure that cross-compiled unix * applications behave similiarly when invoked on win32/os2. * * Rem please keep in-sync with apr's list in win32/filesys.c */ if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) { flags |= T_ESCAPE_SHELL_CMD; } #else if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) { flags |= T_ESCAPE_SHELL_CMD; } #endif if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) { flags |= T_ESCAPE_PATH_SEGMENT; } if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) { flags |= T_OS_ESCAPE_PATH; } /* these are the "tspecials" (RFC2068) or "separators" (RFC2616) */ if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c))) { flags |= T_HTTP_TOKEN_STOP; } /* For logging, escape all control characters, * double quotes (because they delimit the request in the log file) * backslashes (because we use backslash for escaping) * and 8-bit chars with the high bit set */ if (c && (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c))) { flags |= T_ESCAPE_LOGITEM; } /* For forensic logging, escape all control characters, top bit set, * :, | (used as delimiters) and % (used for escaping). */ if (!apr_isprint(c) || c == ':' || c == '|' || c == '%' || apr_iscntrl(c) || !c) { flags |= T_ESCAPE_FORENSIC; } printf("%u%c", flags, (c < 255) ? ',' : ' '); } printf("\n};\n"); return 0; }
static char *get_password(const char *prompt) { /* WCE lacks console. So the getpass is unsuported * The only way is to use the GUI so the getpass should be implemented * on per-application basis. */ #ifdef _WIN32_WCE return NULL; #else static char password[128]; int n = 0; int ch; fputs(prompt, stderr); while ((ch = _getch()) != '\r') { if (ch == EOF) /* EOF */ { fputs("[EOF]\n", stderr); return NULL; } else if (ch == 0 || ch == 0xE0) { /* FN Keys (0 or E0) are a sentinal for a FN code */ ch = (ch << 4) | _getch(); /* Catch {DELETE}, {<--}, Num{DEL} and Num{<--} */ if ((ch == 0xE53 || ch == 0xE4B || ch == 0x053 || ch == 0x04b) && n) { password[--n] = '\0'; fputs("\b \b", stderr); } else { fputc('\a', stderr); } } else if ((ch == '\b' || ch == 127) && n) /* BS/DEL */ { password[--n] = '\0'; fputs("\b \b", stderr); } else if (ch == 3) /* CTRL+C */ { /* _getch() bypasses Ctrl+C but not Ctrl+Break detection! */ fputs("^C\n", stderr); exit(-1); } else if (ch == 26) /* CTRL+Z */ { fputs("^Z\n", stderr); return NULL; } else if (ch == 27) /* ESC */ { fputc('\n', stderr); fputs(prompt, stderr); n = 0; } else if ((n < sizeof(password) - 1) && !apr_iscntrl(ch)) { password[n++] = ch; fputc('*', stderr); } else { fputc('\a', stderr); } } fputc('\n', stderr); password[n] = '\0'; return password; #endif }