svn_error_t * svn_mime_type_validate(const char *mime_type, apr_pool_t *pool) { /* Since svn:mime-type can actually contain a full content type specification, e.g., "text/html; charset=UTF-8", make sure we're only looking at the media type here. */ const apr_size_t len = strcspn(mime_type, "; "); const char *const slash_pos = strchr(mime_type, '/'); if (len == 0) return svn_error_createf (SVN_ERR_BAD_MIME_TYPE, NULL, _("MIME type '%s' has empty media type"), mime_type); if (slash_pos == NULL || slash_pos >= &mime_type[len]) return svn_error_createf (SVN_ERR_BAD_MIME_TYPE, NULL, _("MIME type '%s' does not contain '/'"), mime_type); if (! apr_isalnum(mime_type[len - 1])) return svn_error_createf (SVN_ERR_BAD_MIME_TYPE, NULL, _("MIME type '%s' ends with non-alphanumeric character"), mime_type); return SVN_NO_ERROR; }
static char *http2env(request_rec *r, const char *w) { char *res = (char *)apr_palloc(r->pool, sizeof("HTTP_") + strlen(w)); char *cp = res; char c; *cp++ = 'H'; *cp++ = 'T'; *cp++ = 'T'; *cp++ = 'P'; *cp++ = '_'; while ((c = *w++) != 0) { if (apr_isalnum(c)) { *cp++ = apr_toupper(c); } else if (c == '-') { *cp++ = '_'; } else { if (APLOGrtrace1(r)) ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Not exporting header with invalid name as envvar: %s", ap_escape_logitem(r->pool, w)); return NULL; } } *cp = 0; return res; }
zktool_format_opt(const apr_getopt_option_t *opt, const char *metaval, apr_pool_t *pool) { const char *n = NULL; const char *optfmt = NULL; const char *optfmt_long_with_arg = ZKTOOL_OPT_INDENT_STR "-%c, %s\n" ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_DESC; const char *optfmt_long = ZKTOOL_OPT_INDENT_STR "-%c, %s\n" ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_DESC; const char *optfmt_no_short_with_arg = ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_FMTSTR_L "\n" ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_DESC; const char *optfmt_no_short = ZKTOOL_OPT_INDENT_STR ZKTOOL_OPT_FMTSTR_R " %%s"; const char *optfmt_no_long = ZKTOOL_OPT_INDENT_STR "-%c " ZKTOOL_OPT_FMTSTR_L " %%s"; const char *optfmt_no_long_with_arg = ZKTOOL_OPT_INDENT_STR "-%c " ZKTOOL_OPT_FMTSTR_L " %%s"; if(opt->name && *opt->name) { if(opt->has_arg) { if(!metaval) metaval = "VALUE"; } if(opt->has_arg && metaval && *metaval) n = apr_psprintf(pool,"--%s=%s",opt->name,metaval); else n = apr_psprintf(pool,"--%s",opt->name); } else if(apr_isalnum(opt->optch)) { if(opt->has_arg && !metaval) metaval = "VALUE"; if(opt->has_arg && metaval && *metaval) n = metaval; else n = ""; } if(opt->name && *opt->name) { if(opt->has_arg && !apr_isalnum(opt->optch)) optfmt = apr_psprintf(pool,optfmt_no_short_with_arg,n); else if(!opt->has_arg && apr_isalnum(opt->optch)) optfmt = apr_psprintf(pool,optfmt_long,(char)opt->optch,n); else if(!opt->has_arg && !apr_isalnum(opt->optch)) optfmt = apr_psprintf(pool,optfmt_no_short,n); else optfmt = apr_psprintf(pool,optfmt_long_with_arg,(char)opt->optch,n); } else if(apr_isalnum(opt->optch)) { if(opt->has_arg) optfmt = apr_psprintf(pool,optfmt_no_long_with_arg,(char)opt->optch,n); else optfmt = apr_psprintf(pool,optfmt_no_long,(char)opt->optch,n); } assert(optfmt != NULL); return optfmt; }
static void set_and_comp_regexp(cookie_dir_rec *dcfg, apr_pool_t *p, const char *cookie_name) { int danger_chars = 0; const char *sp = cookie_name; /* The goal is to end up with this regexp, * ^cookie_name=([^;,]+)|[;,][ \t]+cookie_name=([^;,]+) * with cookie_name obviously substituted either * with the real cookie name set by the user in httpd.conf, or with the * default COOKIE_NAME. */ /* Anyway, we need to escape the cookie_name before pasting it * into the regex */ while (*sp) { if (!apr_isalnum(*sp)) { ++danger_chars; } ++sp; } if (danger_chars) { char *cp; cp = apr_palloc(p, sp - cookie_name + danger_chars + 1); /* 1 == \0 */ sp = cookie_name; cookie_name = cp; while (*sp) { if (!apr_isalnum(*sp)) { *cp++ = '\\'; } *cp++ = *sp++; } *cp = '\0'; } dcfg->regexp_string = apr_pstrcat(p, "^", cookie_name, "=([^;,]+)|[;,][ \t]*", cookie_name, "=([^;,]+)", NULL); dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, AP_REG_EXTENDED); ap_assert(dcfg->regexp != NULL); }
static const char * ap_escape_urlencoded(apr_pool_t * pool, const char * buffer) { char * copy = apr_palloc(pool, 3 * strlen(buffer) + 1); char * p = copy; while (*buffer) { if (!apr_isalnum(*buffer) && !strchr(".-*_ ", *buffer)) { *p++ = '%'; sprintf(p, "%02x", *p); *p += 2; } else if (*buffer == ' ') { *p++ = '+'; } else { *p++ = *buffer; } buffer++; } *p++ = '\0'; return copy; }
AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t) { const apr_array_header_t *env_arr = apr_table_elts(t); const apr_table_entry_t *elts = (const apr_table_entry_t *) env_arr->elts; char **env = (char **) apr_palloc(p, (env_arr->nelts + 2) * sizeof(char *)); int i, j; char *tz; char *whack; j = 0; if (!apr_table_get(t, "TZ")) { tz = getenv("TZ"); if (tz != NULL) { env[j++] = apr_pstrcat(p, "TZ=", tz, NULL); } } for (i = 0; i < env_arr->nelts; ++i) { if (!elts[i].key) { continue; } env[j] = apr_pstrcat(p, elts[i].key, "=", elts[i].val, NULL); whack = env[j]; if (apr_isdigit(*whack)) { *whack++ = '_'; } while (*whack != '=') { if (!apr_isalnum(*whack) && *whack != '_') { *whack = '_'; } ++whack; } ++j; } env[j] = NULL; return env; }
static char *http2env(apr_pool_t *a, const char *w) { char *res = (char *)apr_palloc(a, sizeof("HTTP_") + strlen(w)); char *cp = res; char c; *cp++ = 'H'; *cp++ = 'T'; *cp++ = 'T'; *cp++ = 'P'; *cp++ = '_'; while ((c = *w++) != 0) { if (!apr_isalnum(c)) { *cp++ = '_'; } else { *cp++ = apr_toupper(c); } } *cp = 0; return res; }
int main(int argc, char *argv[]) { unsigned c; unsigned char flags; printf("/* this file is automatically generated by gen_test_char, " "do not edit */\n" "#define T_ESCAPE_SHELL_CMD (%u)\n" "#define T_ESCAPE_PATH_SEGMENT (%u)\n" "#define T_OS_ESCAPE_PATH (%u)\n" "#define T_HTTP_TOKEN_STOP (%u)\n" "#define T_ESCAPE_LOGITEM (%u)\n" "#define T_ESCAPE_FORENSIC (%u)\n" "\n" "static const unsigned char test_char_table[256] = {", T_ESCAPE_SHELL_CMD, T_ESCAPE_PATH_SEGMENT, T_OS_ESCAPE_PATH, T_HTTP_TOKEN_STOP, T_ESCAPE_LOGITEM, T_ESCAPE_FORENSIC); for (c = 0; c < 256; ++c) { flags = 0; if (c % 20 == 0) printf("\n "); /* escape_shell_cmd */ #ifdef NEED_ENHANCED_ESCAPES /* Win32/OS2 have many of the same vulnerable characters * as Unix sh, plus the carriage return and percent char. * The proper escaping of these characters varies from unix * since Win32/OS2 use carets or doubled-double quotes, * and neither lf nor cr can be escaped. We escape unix * specific as well, to assure that cross-compiled unix * applications behave similiarly when invoked on win32/os2. * * Rem please keep in-sync with apr's list in win32/filesys.c */ if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) { flags |= T_ESCAPE_SHELL_CMD; } #else if (c && strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) { flags |= T_ESCAPE_SHELL_CMD; } #endif if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) { flags |= T_ESCAPE_PATH_SEGMENT; } if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) { flags |= T_OS_ESCAPE_PATH; } /* these are the "tspecials" (RFC2068) or "separators" (RFC2616) */ if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c))) { flags |= T_HTTP_TOKEN_STOP; } /* For logging, escape all control characters, * double quotes (because they delimit the request in the log file) * backslashes (because we use backslash for escaping) * and 8-bit chars with the high bit set */ if (c && (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c))) { flags |= T_ESCAPE_LOGITEM; } /* For forensic logging, escape all control characters, top bit set, * :, | (used as delimiters) and % (used for escaping). */ if (!apr_isprint(c) || c == ':' || c == '|' || c == '%' || apr_iscntrl(c) || !c) { flags |= T_ESCAPE_FORENSIC; } printf("%u%c", flags, (c < 255) ? ',' : ' '); } printf("\n};\n"); return 0; }
static authn_status authn_dbd_password(request_rec *r, const char *user, const char *password) { apr_status_t rv; const char *dbd_password = NULL; apr_dbd_prepared_t *statement; apr_dbd_results_t *res = NULL; apr_dbd_row_t *row = NULL; authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, &authn_dbd_module); ap_dbd_t *dbd = authn_dbd_acquire_fn(r); char *digest_colon = NULL; if (dbd == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Failed to acquire database connection to look up " "user '%s'", user); return AUTH_GENERAL_ERROR; } if (conf->user == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified"); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING); if (statement == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for " "AuthDBDUserPWQuery with the key '%s'", conf->user); return AUTH_GENERAL_ERROR; } if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, 0, user, NULL) != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Query execution error looking up '%s' " "in database", user); return AUTH_GENERAL_ERROR; } for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); rv != -1; rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { if (rv != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "Error retrieving results while looking up '%s' " "in database", user); return AUTH_GENERAL_ERROR; } if (dbd_password == NULL) { #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) /* add the rest of the columns to the environment */ int i = 1; const char *name; for (name = apr_dbd_get_name(dbd->driver, res, i); name != NULL; name = apr_dbd_get_name(dbd->driver, res, i)) { char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, name, NULL); int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ while (str[j]) { if (!apr_isalnum(str[j])) { str[j] = '_'; } else { str[j] = apr_toupper(str[j]); } j++; } apr_table_set(r->subprocess_env, str, apr_dbd_get_entry(dbd->driver, row, i)); i++; } #endif dbd_password = apr_dbd_get_entry(dbd->driver, row, 0); } /* we can't break out here or row won't get cleaned up */ } if (!dbd_password) { return AUTH_USER_NOT_FOUND; } if ((digest_colon = ap_strchr(dbd_password, ':'))) { const char *realm = NULL, *exp_hash = NULL; const char *act_hash = NULL; realm = apr_pstrndup(r->pool, dbd_password, digest_colon - dbd_password); exp_hash = digest_colon + 1; act_hash = ap_md5(r->pool, (unsigned char*) apr_pstrcat(r->pool, user, ":", realm, ":", password, NULL)); if (strcmp(act_hash, exp_hash)) { return AUTH_DENIED; } else { return AUTH_GRANTED; } } rv = apr_password_validate(password, dbd_password); if (rv != APR_SUCCESS) { return AUTH_DENIED; } return AUTH_GRANTED; }
static authn_status authn_dbd_realm(request_rec *r, const char *user, const char *realm, char **rethash) { apr_status_t rv; const char *dbd_hash = NULL; apr_dbd_prepared_t *statement; apr_dbd_results_t *res = NULL; apr_dbd_row_t *row = NULL; int ret; authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, &authn_dbd_module); ap_dbd_t *dbd = authn_dbd_acquire_fn(r); if (dbd == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01658) "Failed to acquire database connection to look up " "user '%s:%s'", user, realm); return AUTH_GENERAL_ERROR; } if (conf->realm == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01659) "No AuthDBDUserRealmQuery has been specified"); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING); if (statement == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01660) "A prepared statement could not be found for " "AuthDBDUserRealmQuery with the key '%s'", conf->realm); return AUTH_GENERAL_ERROR; } if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, 0, user, realm, NULL) != 0)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01661) "Query execution error looking up '%s:%s' " "in database [%s]", user, realm, apr_dbd_error(dbd->driver, dbd->handle, ret)); return AUTH_GENERAL_ERROR; } for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); rv != -1; rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { if (rv != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01662) "Error retrieving results while looking up '%s:%s' " "in database", user, realm); return AUTH_GENERAL_ERROR; } if (dbd_hash == NULL) { #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) /* add the rest of the columns to the environment */ int i = 1; const char *name; for (name = apr_dbd_get_name(dbd->driver, res, i); name != NULL; name = apr_dbd_get_name(dbd->driver, res, i)) { char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, name, NULL); int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ while (str[j]) { if (!apr_isalnum(str[j])) { str[j] = '_'; } else { str[j] = apr_toupper(str[j]); } j++; } apr_table_set(r->subprocess_env, str, apr_dbd_get_entry(dbd->driver, row, i)); i++; } #endif dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0); } /* we can't break out here or row won't get cleaned up */ } if (!dbd_hash) { return AUTH_USER_NOT_FOUND; } AUTHN_CACHE_STORE(r, user, realm, dbd_hash); *rethash = apr_pstrdup(r->pool, dbd_hash); return AUTH_USER_FOUND; }