author | William A. Rowe Jr <wrowe@apache.org> | 2016-08-19 21:48:58 +0200 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2016-08-19 21:48:58 +0200 |
commit | b9a6a0ee7b194d18d6652fffed97dd77cdaf04a7 (patch) | |
tree | a15c060c749a6229beea29ab2077f0eabd8a8fa3 /server/gen_test_char.c | |
parent | After lengthy investigation with covener's assistance, it seems we cannot (diff) | |
Introduce StrictURI|UnsafeURI for RFC3986 enforcement
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756959 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/gen_test_char.c')
-rw-r--r-- | server/gen_test_char.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/server/gen_test_char.c b/server/gen_test_char.c
index 046f47b51b..ed9620fe40 100644
--- a/server/gen_test_char.c
+++ b/server/gen_test_char.c
@@ -53,11 +53,12 @@
 #define T_ESCAPE_FORENSIC (0x20)
 #define T_ESCAPE_URLENCODED (0x40)
 #define T_HTTP_CTRLS (0x80)
+#define T_URI_RFC3986 (0x100)

 int main(int argc, char *argv[])
 {
 unsigned c;
- unsigned char flags;
+ unsigned short flags;

 printf("/* this file is automatically generated by gen_test_char, "
 "do not edit */\n"
@@ -69,8 +70,9 @@ int main(int argc, char *argv[])
 "#define T_ESCAPE_FORENSIC (%u)\n"
 "#define T_ESCAPE_URLENCODED (%u)\n"
 "#define T_HTTP_CTRLS (%u)\n"
+ "#define T_URI_RFC3986 (%u)\n"
 "\n"
- "static const unsigned char test_char_table[256] = {",
+ "static const unsigned short test_char_table[256] = {",
 T_ESCAPE_SHELL_CMD,
 T_ESCAPE_PATH_SEGMENT,
 T_OS_ESCAPE_PATH,
@@ -78,7 +80,8 @@ int main(int argc, char *argv[])
 T_ESCAPE_LOGITEM,
 T_ESCAPE_FORENSIC,
 T_ESCAPE_URLENCODED,
- T_HTTP_CTRLS);
+ T_HTTP_CTRLS,
+ T_URI_RFC3986);

 for (c = 0; c < 256; ++c) {
 flags = 0;
@@ -122,7 +125,7 @@ int main(int argc, char *argv[])
 * and "tspecials" (RFC2068) a.k.a. "separators" (RFC2616), which
 * is easer to express as characters remaining in the ASCII token set
 */
- if (!(apr_isalnum(c) || strchr("!#$%&'*+-.^_`|~", c))) {
+ if (!c || !(apr_isalnum(c) || strchr("!#$%&'*+-.^_`|~", c))) {
 flags |= T_HTTP_TOKEN_STOP;
 }
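Review bot: Nothing near the new `T_URI_RFC3986 (0x100)` define records that flags now need more than eight bits, and the width is kept consistent only by two hand edits: the local `flags` in this hunk and the emitted `test_char_table` type in the -69,8 hunk. Any consumer that copies a table entry into an `unsigned char` before masking would silently lose the 0x100 bit; that code is not visible in this diff and should be checked. A comment above the defines such as `/* flag values above 0x80 require test_char_table entries wider than 8 bits */` would make the dependency explicit. main() continues outside the hunk.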
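Review bot: The new `!c ||` guard in the -122,7 hunk has no comment explaining why NUL needs special treatment, so it reads as redundant and is at risk of being removed later. It is needed because `strchr(s, 0)` returns a pointer to the string terminator rather than NULL, which previously let NUL through as a token character. A comment such as `/* strchr() matches the terminating NUL, so test c == 0 explicitly */` directly above the `if` would preserve that reasoning. The other `strchr`-based classifications in this loop lie outside the hunk and may deserve the same review for c == 0.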
@@ -136,6 +139,16 @@ int main(int argc, char *argv[])
 flags |= T_HTTP_CTRLS;
 }

+ /* From RFC3986, the specific sets of gen-delims, sub-delims (2.2),
+ * and unreserved (2.3) that are possible somewhere within a URI.
+ * Spec requires all others to be %XX encoded, including obs-text.
+ */
+ if (c && strchr(":/?#[]@" /* gen-delims */
+ "!$&'()*+,;=" /* sub-delims */
+ "-._~", c) || apr_isalnum(c)) { /* unreserved */
+ flags |= T_URI_RFC3986;
+ }
+
 /* For logging, escape all control characters,
 * double quotes (because they delimit the request in the log file)
 * backslashes (because we use backslash for escaping)
@@ -153,7 +166,7 @@ int main(int argc, char *argv[])
 flags |= T_ESCAPE_FORENSIC;
 }

- printf("0x%02x%c", flags, (c < 255) ? ',' : ' ');
+ printf("0x%03x%c", flags, (c < 255) ? ',' : ' ');
 }

 printf("\n};\n"); |
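Review bot: The added condition `c && strchr(...) || apr_isalnum(c)` in the -136,6 hunk depends on `&&` binding tighter than `||`. The resulting grouping looks like the intended one, but it draws a -Wparentheses warning and is easy to misread in a check that decides which bytes are legal in a URI. Writing it as `if (apr_isalnum(c) || (c && strchr(":/?#[]@" "!$&'()*+,;=" "-._~", c))) {` makes the scope of the NUL guard explicit. The set also leaves out `%`, which fits the comment only if the consumer validates `%XX` triplets itself. That consumer is not visible here, so the comment should say so, e.g. `* '%' is not flagged here; pct-encoded triplets must be checked by the caller.` The enclosing loop starts outside the hunk.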