/* Escape control chars */
char *mbox_cntrl_escape(apr_pool_t *p, char *s)
{
int i, j;
char *x;
/* first, count the number of extra characters */
for (i = 0, j = 0; s[i] != '\0'; i++)
if (apr_iscntrl(s[i]))
j += 5;
if (j == 0)
return s;
x = apr_palloc(p, i + j + 1);
for (i = 0, j = 0; s[i] != '\0'; i++, j++) {
if (apr_iscntrl(s[i])) {
snprintf(&x[j], 7, "&#%3.3d;", (unsigned char)s[i]);
j += 5;
}
else
x[j] = s[i];
}
x[j] = '\0';
return x;
}
int main(int argc, char *argv[])
{
unsigned c;
unsigned char flags;
printf("/* this file is automatically generated by gen_test_char, "
"do not edit */\n"
"#define T_ESCAPE_SHELL_CMD (%u)\n"
"#define T_ESCAPE_PATH_SEGMENT (%u)\n"
"#define T_OS_ESCAPE_PATH (%u)\n"
"#define T_HTTP_TOKEN_STOP (%u)\n"
"#define T_ESCAPE_LOGITEM (%u)\n"
"#define T_ESCAPE_FORENSIC (%u)\n"
"\n"
"static const unsigned char test_char_table[256] = {",
T_ESCAPE_SHELL_CMD,
T_ESCAPE_PATH_SEGMENT,
T_OS_ESCAPE_PATH,
T_HTTP_TOKEN_STOP,
T_ESCAPE_LOGITEM,
T_ESCAPE_FORENSIC);
for (c = 0; c < 256; ++c) {
flags = 0;
if (c % 20 == 0)
printf("\n ");
/* escape_shell_cmd */
#ifdef NEED_ENHANCED_ESCAPES
/* Win32/OS2 have many of the same vulnerable characters
* as Unix sh, plus the carriage return and percent char.
* The proper escaping of these characters varies from unix
* since Win32/OS2 use carets or doubled-double quotes,
* and neither lf nor cr can be escaped. We escape unix
* specific as well, to assure that cross-compiled unix
* applications behave similiarly when invoked on win32/os2.
*
* Rem please keep in-sync with apr's list in win32/filesys.c
*/
if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) {
flags |= T_ESCAPE_SHELL_CMD;
}
#else
if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
flags |= T_ESCAPE_SHELL_CMD;
}
#endif
if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) {
flags |= T_ESCAPE_PATH_SEGMENT;
}
if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) {
flags |= T_OS_ESCAPE_PATH;
}
/* these are the "tspecials" (RFC2068) or "separators" (RFC2616) */
if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c))) {
flags |= T_HTTP_TOKEN_STOP;
}
/* For logging, escape all control characters,
* double quotes (because they delimit the request in the log file)
* backslashes (because we use backslash for escaping)
* and 8-bit chars with the high bit set
*/
if (c && (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c))) {
flags |= T_ESCAPE_LOGITEM;
}
/* For forensic logging, escape all control characters, top bit set,
* :, | (used as delimiters) and % (used for escaping).
*/
if (!apr_isprint(c) || c == ':' || c == '|' || c == '%'
|| apr_iscntrl(c) || !c) {
flags |= T_ESCAPE_FORENSIC;
}
printf("%u%c", flags, (c < 255) ? ',' : ' ');
}
printf("\n};\n");
return 0;
}
static char *get_password(const char *prompt)
{
/* WCE lacks console. So the getpass is unsuported
* The only way is to use the GUI so the getpass should be implemented
* on per-application basis.
*/
#ifdef _WIN32_WCE
return NULL;
#else
static char password[128];
int n = 0;
int ch;
fputs(prompt, stderr);
while ((ch = _getch()) != '\r') {
if (ch == EOF) /* EOF */ {
fputs("[EOF]\n", stderr);
return NULL;
}
else if (ch == 0 || ch == 0xE0) {
/* FN Keys (0 or E0) are a sentinal for a FN code */
ch = (ch << 4) | _getch();
/* Catch {DELETE}, {<--}, Num{DEL} and Num{<--} */
if ((ch == 0xE53 || ch == 0xE4B || ch == 0x053 || ch == 0x04b) && n) {
password[--n] = '\0';
fputs("\b \b", stderr);
}
else {
fputc('\a', stderr);
}
}
else if ((ch == '\b' || ch == 127) && n) /* BS/DEL */ {
password[--n] = '\0';
fputs("\b \b", stderr);
}
else if (ch == 3) /* CTRL+C */ {
/* _getch() bypasses Ctrl+C but not Ctrl+Break detection! */
fputs("^C\n", stderr);
exit(-1);
}
else if (ch == 26) /* CTRL+Z */ {
fputs("^Z\n", stderr);
return NULL;
}
else if (ch == 27) /* ESC */ {
fputc('\n', stderr);
fputs(prompt, stderr);
n = 0;
}
else if ((n < sizeof(password) - 1) && !apr_iscntrl(ch)) {
password[n++] = ch;
fputc('*', stderr);
}
else {
fputc('\a', stderr);
}
}
fputc('\n', stderr);
password[n] = '\0';
return password;
#endif
}
