diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-07-30 11:25:40 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2021-07-30 11:26:10 +0100 |
| commit | 05d1951b5cfb9b72378eb3c1bdfdaa025b355789 (patch) | |
| tree | ed634b80d3fe21189be7d8629b70011279981c5a /src | |
| parent | 8b66801d1a9a82fde251b321945091a153eeadbb (diff) | |
| download | rspamd-05d1951b5cfb9b72378eb3c1bdfdaa025b355789.tar.gz rspamd-05d1951b5cfb9b72378eb3c1bdfdaa025b355789.zip | |
[Minor] Implement backslashes replacement while we normalise http paths
Diffstat (limited to 'src')
| -rw-r--r-- | src/libserver/http/http_util.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/src/libserver/http/http_util.c b/src/libserver/http/http_util.c index fd5adb3c1..e6ba314d0 100644 --- a/src/libserver/http/http_util.c +++ b/src/libserver/http/http_util.c @@ -312,7 +312,8 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen) st_got_dot_dot, st_got_slash, st_got_slash_slash, - } state = st_normal; + st_replace_backslash, + } state = st_normal, next_state; p = path; end = path + len; @@ -329,6 +330,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen) state = st_got_dot; dot = p; } + else if (G_UNLIKELY (*p == '\\')) { + state = st_replace_backslash; + next_state = st_normal; + continue; + } else { *o++ = *p; } @@ -340,6 +346,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen) *o++ = *p; state = st_got_slash_slash; } + else if (G_UNLIKELY (*p == '\\')) { + state = st_replace_backslash; + next_state = st_got_slash; + continue; + } else if (G_UNLIKELY (*p == '.')) { dot = p; state = st_got_dot; @@ -375,6 +386,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen) /* Ignore last slash */ state = st_normal; } + else if (G_UNLIKELY (*p == '\\')) { + state = st_replace_backslash; + next_state = st_got_dot; + continue; + } else if (*p == '.') { /* Double dot character */ state = st_got_dot_dot; @@ -436,6 +452,11 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen) continue; } } + else if (G_UNLIKELY (*p == '\\')) { + state = st_replace_backslash; + next_state = st_got_dot_dot; + continue; + } else { /* We have something like ..bla or ... */ if (slash) { @@ -455,6 +476,14 @@ rspamd_http_normalize_path_inplace (gchar *path, guint len, gsize *nlen) p ++; break; + case st_replace_backslash: + /* + * Replace backslash and return to the previous state as it was + * a normal slash + */ + *(gchar *)p = '/'; + state = next_state; + break; } } |