generic-library/libupnp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Enforce RFC 2616 and accept "0" after a backslash for quoted-strings.

Browse Source 
Reported by Peng <howtofly(at)gmail.com>
(cherry picked from commit c70f5ce323)
This commit is contained in:
Marcelo Roberto Jimenez 2013-08-14 09:51:41 -03:00
parent cf8c0d0a93
commit 61d2950fa5
2 changed files with 20 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -357,6 +357,12 @@ Version 1.8.0
Version 1.6.19
*******************************************************************************
2013-08-13 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Enforce RFC 2616 and accept "0" after a backslash for quoted-strings.
Reported by Peng <howtofly(at)gmail.com>
2013-08-13 Peng <howtofly(at)gmail.com>
Patch to make scanner_get_token more robust (avoid over-reading).

33
upnp/src/genlib/net/http/httpparser.c
View File

@ -143,9 +143,9 @@ static UPNP_INLINE void scanner_init(OUT scanner_t *scanner, IN membuffer *bufpt
* Description : Finds the separator character.
*
************************************************************************/
static UPNP_INLINE int is_separator_char(IN char c)
static UPNP_INLINE int is_separator_char(IN int c)
{
return strchr(" \t()<>@,;:\\\"/[]?={}", (int)c) != NULL;
return strchr(" \t()<>@,;:\\\"/[]?={}", c) != 0;
}
/************************************************************************
@ -157,7 +157,7 @@ static UPNP_INLINE int is_separator_char(IN char c)
* Description : Calls the function to indentify separator character
*
************************************************************************/
static UPNP_INLINE int is_identifier_char(IN char c)
static UPNP_INLINE int is_identifier_char(IN int c)
{
return c >= 32 && c <= 126 && !is_separator_char(c);
}
@ -171,7 +171,7 @@ static UPNP_INLINE int is_identifier_char(IN char c)
* Description : Determines if the passed value is a control character
*
************************************************************************/
static UPNP_INLINE int is_control_char(IN char c)
static UPNP_INLINE int is_control_char(IN int c)
{
return (c >= 0 && c <= 31) || c == 127;
}
@ -185,20 +185,16 @@ static UPNP_INLINE int is_control_char(IN char c)
* Description : Checks to see if the passed in value is CR/LF
*
************************************************************************/
static UPNP_INLINE int is_qdtext_char(IN char cc)
static UPNP_INLINE int is_qdtext_char(IN int c)
{
unsigned char c = ( unsigned char )cc;
/* we don't check for this; it's checked in get_token() */
assert( c != '"' );
/* we don't check for this; it's checked in get_token() */
assert( c != '"' );
if( ( c >= 32 && c != 127 ) ||
( c == TOKCHAR_CR || c == TOKCHAR_LF || c == '\t' )
) {
return TRUE;
} else {
return FALSE;
}
return
(c >= 32 && c != 127) ||
c == TOKCHAR_CR ||
c == TOKCHAR_LF ||
c == '\t';
}
/************************************************************************
@ -226,7 +222,7 @@ static parse_status_t scanner_get_token(
{
char *cursor;
char *null_terminator; /* point to null-terminator in buffer */
char c;
int c;
token_type_t token_type;
int got_end_quote;
@ -294,8 +290,7 @@ static parse_status_t scanner_get_token(
} else if (c == '\\') {
if (cursor < null_terminator) {
c = *cursor++;
/*if ( !(c > 0 && c <= 127) ) */
if (c == 0)
if (c < 0 || c > 127)
return PARSE_FAILURE;
}
/* else, while loop handles incomplete buf */