Patch to fix behaviour when char is signed

it seems to me that there is still something wrong:

	1)  the new is_qdtext_char() is incorrect.
	There is a trap if char is implemented as signed char.
	Suppose that c is '\xFF', it will be -1 when converted to an int.
	By definition, c should be qdtext:
	qdtext = <any TEXT except <">>
	TEXT = <any OCTET except CTLs, but including LWS>
	OCTET = <any 8-bit sequence of data>

	2) the character after '\\' could be either part of a quoted-pair
	(together with '\\'), or a normal qdtext, since '\\' itself can
	be treated as a qdtext. This is equivalent to saying that the
	character after '\\' in a quoted string could be ANY octet.

	A patch based on the above two observations is attached.

	Peng
Peng 2013-08-16 14:16:47 -03:00 committed by Marcelo Roberto Jimenez
parent c70f5ce323
commit f10730f616
2 changed files with 25 additions and 2 deletions


@ -2,6 +2,29 @@
Version 1.6.19
*******************************************************************************
2013-08-13 Peng <howtofly(at)gmail.com>
Patch to fix behaviou when char is signed
it seems to me that there is still something wrong:
1) the new is_qdtext_char() is incorrect.
There is a trap if char is implemented as signed char.
Suppose that c is '\xFF', it will be -1 when converted to an int.
By definition, c should be qdtext:
qdtext = <any TEXT except <">>
TEXT = <any OCTET except CTLs, but including LWS>
OCTET = <any 8-bit sequence of data>
2) the character after '\\' could be either part of a quoted-pair
(together with '\\'), or a normal qdtext, since '\\' itself can
be treated as a qdtext. This is equivalent to saying that the
character after '\\' in a quoted string could be ANY octet.
A patch based on the above two observations is attached.
Peng
2013-08-13 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Enforce RFC 2616 and accept "0" after a backslash for quoted-strings.
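Review bot: the new ChangeLog entry is the mailing-list message pasted verbatim, including the misspelt title "behaviou", the opener "it seems to me that there is still something wrong", "A patch ... is attached" and the sign-off, so a reader of the ChangeLog cannot tell what the code now does. Replace the body with a short statement of the two behaviour changes: is_qdtext_char() accepts the negative values produced by octets 0x80-0xFF when char is signed, and the octet following a backslash in a quoted-string is no longer restricted to 0-127. The entry is also dated 2013-08-13 while the commit is dated 2013-08-16; use one date.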


@ -190,6 +190,7 @@ static UPNP_INLINE int is_qdtext_char(IN int c)
return
(c >= 32 && c != 127) ||
c < 0 ||
c == TOKCHAR_CR ||
c == TOKCHAR_LF ||
c == '\t';
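Review bot: the `c < 0 ||` term in is_qdtext_char() accepts every negative int, not only the octets 0x80-0xFF that the commit message is about, and it does nothing on a platform where char is unsigned, so the predicate's meaning depends on the build. Since the parameter is already `int c`, the cleaner fix is to normalise at the read site, for example `c = (unsigned char)*cursor++;` in scanner_get_token(), so that c is always 0..255 and the existing `c >= 32 && c != 127` test already covers the high octets. If the `c < 0` term stays, add a comment saying that it stands for octets 0x80-0xFF under signed char, and confirm that no caller passes a negative sentinel value.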
@ -288,8 +289,7 @@ static parse_status_t scanner_get_token(
} else if (c == '\\') {
if (cursor < null_terminator) {
c = *cursor++;
if (c < 0 || c > 127)
return PARSE_FAILURE;
/* the char after '\\' could be ANY octet */
}
/* else, while loop handles incomplete buf */
} else if (is_qdtext_char(c)) {
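Review bot: with the `c < 0 || c > 127` rejection gone, the branch under `if (cursor < null_terminator)` consumes the octet after a backslash with no validation at all, so NUL and every other control character are now accepted inside a quoted-string when escaped, while the unescaped path still goes through is_qdtext_char(). That is defensible under RFC 2616 (quoted-pair covers 0-127, and the commit message's qdtext reading covers 128-255), but the comment "the char after '\\' could be ANY octet" should state that reasoning, and code that later handles the token as a C string should be checked for an embedded NUL. Please add tests for a backslash followed by 0xFF and by 0x00 so the behaviour is pinned on both signed-char and unsigned-char builds.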