array index whitelist/blacklist

author: Ben Fuhrmannek 2014-09-25 17:24:39 +0200
committer: Ben Fuhrmannek 2014-09-25 17:24:39 +0200
commit: 594c8df58c6f7f9b9610c7f0fd11da08a532de98 (patch)
tree: 7f1286f40af4133aa01035ec9303e1a9aabccd2e /ifilter.c
parent: 8f2433d78347b2f1542e95652fa74d38346fb6ec (diff)
1 files changed, 39 insertions, 1 deletions
diff --git a/ifilter.c b/ifilter.c
index 48b62c7..4ea846f 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -41,6 +41,26 @@ static size_t strnlen(const char *s, size_t maxlen) {
 }
 #endif
+static size_t strnspn(const char *input, size_t n, const char *accept)
+{
+        size_t count = 0;
+        for (; *input != '\0' && count < n; input++, count++) {
+                if (strchr(accept, *input) == NULL)
+                        break;
+        }
+        return count;
+}
+static size_t strncspn(const char *input, size_t n, const char *reject)
+{
+        size_t count = 0;
+        for (; *input != '\0' && count < n; input++, count++) {
+                if (strchr(reject, *input) != NULL)
+                        break;
+        }
+        return count;
+}
 /* {{{ normalize_varname
 */
@@ -524,7 +544,8 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
                }
                
                index_length = index_end - index;
-                        
+                
+                /* max. array index length */
                if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
                        suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
                        if (!SUHOSIN_G(simulation)) {
@@ -558,6 +579,23 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
                                break;
                }
                
+                /* index whitelist/blacklist */
+                if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
+                        if (strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
+                                suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var);
+                                if (!SUHOSIN_G(simulation)) {
+                                        return 0;
+                                }
+                        }
+                } else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) {
+                        if (strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) {
+                                suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var);
+                                if (!SUHOSIN_G(simulation)) {
+                                        return 0;
+                                }
+                        }
+                }
+                
                index = strchr(index, '[');
        }
author	Ben Fuhrmannek	2014-09-25 17:24:39 +0200
committer	Ben Fuhrmannek	2014-09-25 17:24:39 +0200
commit	594c8df58c6f7f9b9610c7f0fd11da08a532de98 (patch)
tree	7f1286f40af4133aa01035ec9303e1a9aabccd2e /ifilter.c
parent	8f2433d78347b2f1542e95652fa74d38346fb6ec (diff)

diff --git a/ifilter.c b/ifilter.c index 48b62c7..4ea846f 100644 --- a/ifilter.c +++ b/ifilter.c
@@ -41,6 +41,26 @@ static size_t strnlen(const char *s, size_t maxlen) {
41	}	41	}
42	#endif	42	#endif
43		43
		44	static size_t strnspn(const char input, size_t n, const char accept)
		45	{
		46	size_t count = 0;
		47	for (; *input != '\0' && count < n; input++, count++) {
		48	if (strchr(accept, *input) == NULL)
		49	break;
		50	}
		51	return count;
		52	}
		53
		54	static size_t strncspn(const char input, size_t n, const char reject)
		55	{
		56	size_t count = 0;
		57	for (; *input != '\0' && count < n; input++, count++) {
		58	if (strchr(reject, *input) != NULL)
		59	break;
		60	}
		61	return count;
		62	}
		63
44		64
45	/* {{{ normalize_varname	65	/* {{{ normalize_varname
46	*/	66	*/
@@ -524,7 +544,8 @@ unsigned int suhosin_input_filter(int arg, char var, char *val, unsigned int v
524	}	544	}
525		545
526	index_length = index_end - index;	546	index_length = index_end - index;
527		547
		548	/* max. array index length */
528	if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {	549	if (SUHOSIN_G(max_array_index_length) && SUHOSIN_G(max_array_index_length) < index_length) {
529	suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var);	550	suhosin_log(S_VARS, "configured request variable array index length limit exceeded - dropped variable '%s'", var);
530	if (!SUHOSIN_G(simulation)) {	551	if (!SUHOSIN_G(simulation)) {
@@ -558,6 +579,23 @@ unsigned int suhosin_input_filter(int arg, char var, char *val, unsigned int v
558	break;	579	break;
559	}	580	}
560		581
		582	/* index whitelist/blacklist */
		583	if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) {
		584	if (strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) {
		585	suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var);
		586	if (!SUHOSIN_G(simulation)) {
		587	return 0;
		588	}
		589	}
		590	} else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) {
		591	if (strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) {
		592	suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var);
		593	if (!SUHOSIN_G(simulation)) {
		594	return 0;
		595	}
		596	}
		597	}
		598
561	index = strchr(index, '[');	599	index = strchr(index, '[');
562	}	600	}
563		601