diff options
| author | Ben Fuhrmannek | 2016-09-23 17:35:03 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2016-09-23 17:35:03 +0200 |
| commit | 200e697807b4de3af042edb3dea4d3db8fba9f03 (patch) | |
| tree | d62cbe31b3c8789b92fc19f72039a7a4e57750d8 /header.c | |
| parent | 5f2b52cbc278bcf587160a21790d5c6ebe181178 (diff) | |
whitespace / code indentation
Diffstat (limited to 'header.c')
| -rw-r--r-- | header.c | 84 |
1 files changed, 41 insertions, 43 deletions
| @@ -17,7 +17,7 @@ | |||
| 17 | +----------------------------------------------------------------------+ | 17 | +----------------------------------------------------------------------+ |
| 18 | */ | 18 | */ |
| 19 | /* | 19 | /* |
| 20 | $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ | 20 | $Id: header.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ |
| 21 | */ | 21 | */ |
| 22 | 22 | ||
| 23 | #ifdef HAVE_CONFIG_H | 23 | #ifdef HAVE_CONFIG_H |
| @@ -40,12 +40,12 @@ char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int v | |||
| 40 | int l; | 40 | int l; |
| 41 | 41 | ||
| 42 | buf = estrndup(name, name_len); | 42 | buf = estrndup(name, name_len); |
| 43 | 43 | ||
| 44 | 44 | ||
| 45 | name_len = php_url_decode(buf, name_len); | 45 | name_len = php_url_decode(buf, name_len); |
| 46 | normalize_varname(buf); | 46 | normalize_varname(buf); |
| 47 | name_len = strlen(buf); | 47 | name_len = strlen(buf); |
| 48 | 48 | ||
| 49 | if (SUHOSIN_G(cookie_plainlist)) { | 49 | if (SUHOSIN_G(cookie_plainlist)) { |
| 50 | if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { | 50 | if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { |
| 51 | encrypt_return_plain: | 51 | encrypt_return_plain: |
| @@ -57,11 +57,11 @@ encrypt_return_plain: | |||
| 57 | goto encrypt_return_plain; | 57 | goto encrypt_return_plain; |
| 58 | } | 58 | } |
| 59 | } | 59 | } |
| 60 | 60 | ||
| 61 | buf2 = estrndup(value, value_len); | 61 | buf2 = estrndup(value, value_len); |
| 62 | 62 | ||
| 63 | value_len = php_url_decode(buf2, value_len); | 63 | value_len = php_url_decode(buf2, value_len); |
| 64 | 64 | ||
| 65 | d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); | 65 | d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); |
| 66 | d_url = php_url_encode(d, strlen(d), &l); | 66 | d_url = php_url_encode(d, strlen(d), &l); |
| 67 | efree(d); | 67 | efree(d); |
| @@ -72,25 +72,25 @@ encrypt_return_plain: | |||
| 72 | 72 | ||
| 73 | char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC) | 73 | char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **where TSRMLS_DC) |
| 74 | { | 74 | { |
| 75 | int o_name_len = name_len; | 75 | int o_name_len = name_len; |
| 76 | char *buf, *buf2, *d, *d_url; | 76 | char *buf, *buf2, *d, *d_url; |
| 77 | int l; | 77 | int l; |
| 78 | 78 | ||
| 79 | buf = estrndup(name, name_len); | 79 | buf = estrndup(name, name_len); |
| 80 | 80 | ||
| 81 | name_len = php_url_decode(buf, name_len); | 81 | name_len = php_url_decode(buf, name_len); |
| 82 | normalize_varname(buf); | 82 | normalize_varname(buf); |
| 83 | name_len = strlen(buf); | 83 | name_len = strlen(buf); |
| 84 | 84 | ||
| 85 | if (SUHOSIN_G(cookie_plainlist)) { | 85 | if (SUHOSIN_G(cookie_plainlist)) { |
| 86 | if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { | 86 | if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { |
| 87 | decrypt_return_plain: | 87 | decrypt_return_plain: |
| 88 | efree(buf); | 88 | efree(buf); |
| 89 | memcpy(*where, name, o_name_len); | 89 | memcpy(*where, name, o_name_len); |
| 90 | *where += o_name_len; | 90 | *where += o_name_len; |
| 91 | **where = '='; *where +=1; | 91 | **where = '='; *where +=1; |
| 92 | memcpy(*where, value, value_len); | 92 | memcpy(*where, value, value_len); |
| 93 | *where += value_len; | 93 | *where += value_len; |
| 94 | return *where; | 94 | return *where; |
| 95 | } | 95 | } |
| 96 | } else if (SUHOSIN_G(cookie_cryptlist)) { | 96 | } else if (SUHOSIN_G(cookie_cryptlist)) { |
| @@ -98,21 +98,21 @@ decrypt_return_plain: | |||
| 98 | goto decrypt_return_plain; | 98 | goto decrypt_return_plain; |
| 99 | } | 99 | } |
| 100 | } | 100 | } |
| 101 | 101 | ||
| 102 | 102 | ||
| 103 | buf2 = estrndup(value, value_len); | 103 | buf2 = estrndup(value, value_len); |
| 104 | 104 | ||
| 105 | value_len = php_url_decode(buf2, value_len); | 105 | value_len = php_url_decode(buf2, value_len); |
| 106 | 106 | ||
| 107 | d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC); | 107 | d = suhosin_decrypt_string(buf2, value_len, buf, name_len, key, &l, SUHOSIN_G(cookie_checkraddr) TSRMLS_CC); |
| 108 | if (d == NULL) { | 108 | if (d == NULL) { |
| 109 | goto skip_cookie; | 109 | goto skip_cookie; |
| 110 | } | 110 | } |
| 111 | d_url = php_url_encode(d, l, &l); | 111 | d_url = php_url_encode(d, l, &l); |
| 112 | efree(d); | 112 | efree(d); |
| 113 | memcpy(*where, name, o_name_len); | 113 | memcpy(*where, name, o_name_len); |
| 114 | *where += o_name_len; | 114 | *where += o_name_len; |
| 115 | **where = '=';*where += 1; | 115 | **where = '=';*where += 1; |
| 116 | memcpy(*where, d_url, l); | 116 | memcpy(*where, d_url, l); |
| 117 | *where += l; | 117 | *where += l; |
| 118 | efree(d_url); | 118 | efree(d_url); |
| @@ -141,28 +141,28 @@ char *suhosin_cookie_decryptor(TSRMLS_D) | |||
| 141 | 141 | ||
| 142 | ret = decrypted = emalloc(strlen(raw_cookie)*4+1); | 142 | ret = decrypted = emalloc(strlen(raw_cookie)*4+1); |
| 143 | raw_cookie = estrdup(raw_cookie); | 143 | raw_cookie = estrdup(raw_cookie); |
| 144 | SUHOSIN_G(raw_cookie) = estrdup(raw_cookie); | 144 | SUHOSIN_G(raw_cookie) = estrdup(raw_cookie); |
| 145 | |||
| 145 | 146 | ||
| 146 | |||
| 147 | j = 0; tmp = raw_cookie; | 147 | j = 0; tmp = raw_cookie; |
| 148 | while (*tmp) { | 148 | while (*tmp) { |
| 149 | char *d_url;int varlen; | 149 | char *d_url;int varlen; |
| 150 | while (*tmp == '\t' || *tmp == ' ') tmp++; | 150 | while (*tmp == '\t' || *tmp == ' ') tmp++; |
| 151 | var = tmp; | 151 | var = tmp; |
| 152 | while (*tmp && *tmp != ';' && *tmp != '=') tmp++; | 152 | while (*tmp && *tmp != ';' && *tmp != '=') tmp++; |
| 153 | 153 | ||
| 154 | varlen = tmp-var; | 154 | varlen = tmp-var; |
| 155 | /*memcpy(decrypted, var, varlen); | 155 | /*memcpy(decrypted, var, varlen); |
| 156 | decrypted += varlen;*/ | 156 | decrypted += varlen;*/ |
| 157 | if (*tmp == 0) break; | 157 | if (*tmp == 0) break; |
| 158 | 158 | ||
| 159 | if (*tmp++ == ';') { | 159 | if (*tmp++ == ';') { |
| 160 | *decrypted++ = ';'; | 160 | *decrypted++ = ';'; |
| 161 | continue; | 161 | continue; |
| 162 | } | 162 | } |
| 163 | 163 | ||
| 164 | /**decrypted++ = '=';*/ | 164 | /**decrypted++ = '=';*/ |
| 165 | 165 | ||
| 166 | val = tmp; | 166 | val = tmp; |
| 167 | while (*tmp && *tmp != ';') tmp++; | 167 | while (*tmp && *tmp != ';') tmp++; |
| 168 | 168 | ||
| @@ -170,16 +170,16 @@ char *suhosin_cookie_decryptor(TSRMLS_D) | |||
| 170 | if (*tmp == ';') { | 170 | if (*tmp == ';') { |
| 171 | *decrypted++ = ';'; | 171 | *decrypted++ = ';'; |
| 172 | } | 172 | } |
| 173 | 173 | ||
| 174 | if (*tmp == 0) break; | 174 | if (*tmp == 0) break; |
| 175 | tmp++; | 175 | tmp++; |
| 176 | } | 176 | } |
| 177 | *decrypted++ = 0; | 177 | *decrypted++ = 0; |
| 178 | ret = erealloc(ret, decrypted-ret); | 178 | ret = erealloc(ret, decrypted-ret); |
| 179 | 179 | ||
| 180 | SUHOSIN_G(decrypted_cookie) = ret; | 180 | SUHOSIN_G(decrypted_cookie) = ret; |
| 181 | efree(raw_cookie); | 181 | efree(raw_cookie); |
| 182 | 182 | ||
| 183 | return ret; | 183 | return ret; |
| 184 | } | 184 | } |
| 185 | /* }}} */ | 185 | /* }}} */ |
| @@ -194,9 +194,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum | |||
| 194 | if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) { | 194 | if (op != SAPI_HEADER_ADD && op != SAPI_HEADER_REPLACE) { |
| 195 | goto suhosin_skip_header_handling; | 195 | goto suhosin_skip_header_handling; |
| 196 | } | 196 | } |
| 197 | 197 | ||
| 198 | if (sapi_header && sapi_header->header) { | 198 | if (sapi_header && sapi_header->header) { |
| 199 | 199 | ||
| 200 | tmp = sapi_header->header; | 200 | tmp = sapi_header->header; |
| 201 | 201 | ||
| 202 | for (i=0; i<sapi_header->header_len; i++, tmp++) { | 202 | for (i=0; i<sapi_header->header_len; i++, tmp++) { |
| @@ -214,7 +214,7 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum | |||
| 214 | } | 214 | } |
| 215 | if (SUHOSIN_G(allow_multiheader)) { | 215 | if (SUHOSIN_G(allow_multiheader)) { |
| 216 | continue; | 216 | continue; |
| 217 | } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || | 217 | } else if ((tmp[0] == '\r' && (tmp[1] != '\n' || i == 0)) || |
| 218 | (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { | 218 | (tmp[0] == '\n' && (i == sapi_header->header_len-1 || i == 0 || (tmp[1] != ' ' && tmp[1] != '\t')))) { |
| 219 | char *fname = (char *)get_active_function_name(TSRMLS_C); | 219 | char *fname = (char *)get_active_function_name(TSRMLS_C); |
| 220 | 220 | ||
| @@ -236,8 +236,8 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum | |||
| 236 | if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) { | 236 | if (SUHOSIN_G(cookie_encrypt) && (strncasecmp("Set-Cookie:", sapi_header->header, sizeof("Set-Cookie:")-1) == 0)) { |
| 237 | 237 | ||
| 238 | char *start, *end, *rend, *tmp; | 238 | char *start, *end, *rend, *tmp; |
| 239 | char *name, *value; | 239 | char *name, *value; |
| 240 | int nlen, vlen, len, tlen; | 240 | int nlen, vlen, len, tlen; |
| 241 | char cryptkey[33]; | 241 | char cryptkey[33]; |
| 242 | 242 | ||
| 243 | suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); | 243 | suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); |
| @@ -264,9 +264,9 @@ int suhosin_header_handler(sapi_header_struct *sapi_header, sapi_header_op_enum | |||
| 264 | } | 264 | } |
| 265 | vlen = end-value; | 265 | vlen = end-value; |
| 266 | 266 | ||
| 267 | value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC); | 267 | value = suhosin_encrypt_single_cookie(name, nlen, value, vlen, (char *)&cryptkey TSRMLS_CC); |
| 268 | vlen = strlen(value); | 268 | vlen = strlen(value); |
| 269 | 269 | ||
| 270 | len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end; | 270 | len = sizeof("Set-Cookie: ")-1 + nlen + 1 + vlen + rend-end; |
| 271 | tmp = emalloc(len + 1); | 271 | tmp = emalloc(len + 1); |
| 272 | tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value); | 272 | tlen = sprintf(tmp, "Set-Cookie: %.*s=%s", nlen,name, value); |
| @@ -321,5 +321,3 @@ void suhosin_unhook_header_handler() | |||
| 321 | * vim600: noet sw=4 ts=4 fdm=marker | 321 | * vim600: noet sw=4 ts=4 fdm=marker |
| 322 | * vim<600: noet sw=4 ts=4 | 322 | * vim<600: noet sw=4 ts=4 |
| 323 | */ | 323 | */ |
| 324 | |||
| 325 | |||