array index whitelist/blacklist for multipart formdata

author: Ben Fuhrmannek 2014-09-25 18:07:55 +0200
committer: Ben Fuhrmannek 2014-09-25 18:07:55 +0200
commit: 49a4321cec080d61ff112aaf27f55257e62402f9 (patch)
tree: c3500f64ef6cc5d45d70296339827857de1bf889 /ifilter.c
parent: 594c8df58c6f7f9b9610c7f0fd11da08a532de98 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/ifilter.c b/ifilter.c
index 4ea846f..47ab6f2 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -41,7 +41,7 @@ static size_t strnlen(const char *s, size_t maxlen) {
 }
 #endif
-static size_t strnspn(const char *input, size_t n, const char *accept)
+size_t suhosin_strnspn(const char *input, size_t n, const char *accept)
 {
        size_t count = 0;
        for (; *input != '\0' && count < n; input++, count++) {
@@ -51,7 +51,7 @@ static size_t strnspn(const char *input, size_t n, const char *accept)
        return count;
 }
-static size_t strncspn(const char *input, size_t n, const char *reject)
+size_t suhosin_strncspn(const char *input, size_t n, const char *reject)
 {
        size_t count = 0;
        for (; *input != '\0' && count < n; input++, count++) {
@@ -581,14 +581,14 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
                
                /* index whitelist/blacklist */
                if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
-                        if (strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
+                        if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
                                suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var);
                                if (!SUHOSIN_G(simulation)) {
                                        return 0;
                                }
                        }
                } else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) {
-                        if (strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) {
+                        if (suhosin_strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) {
                                suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var);
                                if (!SUHOSIN_G(simulation)) {
                                        return 0;
author	Ben Fuhrmannek	2014-09-25 18:07:55 +0200
committer	Ben Fuhrmannek	2014-09-25 18:07:55 +0200
commit	49a4321cec080d61ff112aaf27f55257e62402f9 (patch)
tree	c3500f64ef6cc5d45d70296339827857de1bf889 /ifilter.c
parent	594c8df58c6f7f9b9610c7f0fd11da08a532de98 (diff)

diff --git a/ifilter.c b/ifilter.c index 4ea846f..47ab6f2 100644 --- a/ifilter.c +++ b/ifilter.c
@@ -41,7 +41,7 @@ static size_t strnlen(const char *s, size_t maxlen) {
41	}	41	}
42	#endif	42	#endif
43		43
44	static size_t strnspn(const char input, size_t n, const char accept)	44	size_t suhosin_strnspn(const char input, size_t n, const char accept)
45	{	45	{
46	size_t count = 0;	46	size_t count = 0;
47	for (; *input != '\0' && count < n; input++, count++) {	47	for (; *input != '\0' && count < n; input++, count++) {
@@ -51,7 +51,7 @@ static size_t strnspn(const char input, size_t n, const char accept)
51	return count;	51	return count;
52	}	52	}
53		53
54	static size_t strncspn(const char input, size_t n, const char reject)	54	size_t suhosin_strncspn(const char input, size_t n, const char reject)
55	{	55	{
56	size_t count = 0;	56	size_t count = 0;
57	for (; *input != '\0' && count < n; input++, count++) {	57	for (; *input != '\0' && count < n; input++, count++) {
@@ -581,14 +581,14 @@ unsigned int suhosin_input_filter(int arg, char var, char *val, unsigned int v
581		581
582	/* index whitelist/blacklist */	582	/* index whitelist/blacklist */
583	if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {	583	if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
584	if (strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {	584	if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
585	suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var);	585	suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var);
586	if (!SUHOSIN_G(simulation)) {	586	if (!SUHOSIN_G(simulation)) {
587	return 0;	587	return 0;
588	}	588	}
589	}	589	}
590	} else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) {	590	} else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) {
591	if (strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) {	591	if (suhosin_strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) {
592	suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var);	592	suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var);
593	if (!SUHOSIN_G(simulation)) {	593	if (!SUHOSIN_G(simulation)) {
594	return 0;	594	return 0;