Mercurial > hg > nginx-vendor-1-0
comparison src/core/ngx_string.c @ 320:95183808f549 NGINX_0_6_4
nginx 0.6.4
*) Security: the "msie_refresh" directive allowed XSS.
Thanks to Maxim Boguk.
*) Change: the "proxy_store" and "fastcgi_store" directives were
changed.
*) Feature: the "proxy_store_access" and "fastcgi_store_access"
directives.
*) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun
Studio.
Thanks to Andrei Nigmatulin.
*) Workaround: for Sun Studio 12.
Thanks to Jiang Hong.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Tue, 17 Jul 2007 00:00:00 +0400 |
| parents | 9b7db0df50f0 |
| children | d16d691432c9 |
comparison
equal
deleted
inserted
replaced
| 319:6ccd0af7f704 | 320:95183808f549 |
|---|---|
| 103 | 103 |
| 104 | 104 |
| 105 u_char * | 105 u_char * |
| 106 ngx_vsnprintf(u_char *buf, size_t max, const char *fmt, va_list args) | 106 ngx_vsnprintf(u_char *buf, size_t max, const char *fmt, va_list args) |
| 107 { | 107 { |
| 108 u_char *p, zero, *last, temp[NGX_INT64_LEN + 1]; | 108 u_char *p, zero, *last, temp[NGX_INT64_LEN + 1]; |
| 109 /* | 109 /* |
| 110 * really we need temp[NGX_INT64_LEN] only, | 110 * really we need temp[NGX_INT64_LEN] only, |
| 111 * but icc issues the warning | 111 * but icc issues the warning |
| 112 */ | 112 */ |
| 113 int d; | 113 int d; |
| 114 size_t len; | 114 size_t len; |
| 115 uint32_t ui32; | 115 uint32_t ui32; |
| 116 int64_t i64; | 116 int64_t i64; |
| 117 uint64_t ui64; | 117 uint64_t ui64; |
| 118 ngx_msec_t ms; | 118 ngx_msec_t ms; |
| 119 ngx_str_t *s; | 119 ngx_uint_t width, sign, hexadecimal, max_width; |
| 120 ngx_uint_t width, sign, hexadecimal, max_width; | 120 ngx_variable_value_t *v; |
| 121 static u_char hex[] = "0123456789abcdef"; | 121 static u_char hex[] = "0123456789abcdef"; |
| 122 static u_char HEX[] = "0123456789ABCDEF"; | 122 static u_char HEX[] = "0123456789ABCDEF"; |
| 123 | 123 |
| 124 if (max == 0) { | 124 if (max == 0) { |
| 125 return buf; | 125 return buf; |
| 126 } | 126 } |
| 127 | 127 |
| 186 | 186 |
| 187 | 187 |
| 188 switch (*fmt) { | 188 switch (*fmt) { |
| 189 | 189 |
| 190 case 'V': | 190 case 'V': |
| 191 s = va_arg(args, ngx_str_t *); | 191 v = va_arg(args, ngx_variable_value_t *); |
| 192 | 192 |
| 193 len = s->len & 0xffff; | 193 len = v->len; |
| 194 len = (buf + len < last) ? len : (size_t) (last - buf); | 194 len = (buf + len < last) ? len : (size_t) (last - buf); |
| 195 | 195 |
| 196 buf = ngx_cpymem(buf, s->data, len); | 196 buf = ngx_cpymem(buf, v->data, len); |
| 197 fmt++; | 197 fmt++; |
| 198 | 198 |
| 199 continue; | 199 continue; |
| 200 | 200 |
| 201 case 's': | 201 case 's': |
| 1023 | 1023 |
| 1024 static uint32_t html[] = { | 1024 static uint32_t html[] = { |
| 1025 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1025 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
| 1026 | 1026 |
| 1027 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ | 1027 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ |
| 1028 0x800000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */ | 1028 0x000000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */ |
| 1029 | 1029 |
| 1030 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ | 1030 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ |
| 1031 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ | 1031 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ |
| 1032 | 1032 |
| 1033 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ | 1033 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ |
| 1037 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1037 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
| 1038 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1038 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
| 1039 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | 1039 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
| 1040 }; | 1040 }; |
| 1041 | 1041 |
| 1042 | 1042 /* " ", """, "'", %00-%1F, %7F-%FF */ |
| 1043 switch (type) { | 1043 |
| 1044 case NGX_ESCAPE_HTML: | 1044 static uint32_t refresh[] = { |
| 1045 escape = html; | 1045 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ |
| 1046 break; | 1046 |
| 1047 case NGX_ESCAPE_ARGS: | 1047 /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ |
| 1048 escape = args; | 1048 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */ |
| 1049 break; | 1049 |
| 1050 default: | 1050 /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ |
| 1051 escape = uri; | 1051 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ |
| 1052 break; | 1052 |
| 1053 } | 1053 /* ~}| {zyx wvut srqp onml kjih gfed cba` */ |
| 1054 0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */ | |
| 1055 | |
| 1056 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
| 1057 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
| 1058 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
| 1059 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ | |
| 1060 }; | |
| 1061 | |
| 1062 static uint32_t *map[] = { uri, args, html, refresh }; | |
| 1063 | |
| 1064 | |
| 1065 escape = map[type]; | |
| 1054 | 1066 |
| 1055 if (dst == NULL) { | 1067 if (dst == NULL) { |
| 1056 | 1068 |
| 1057 /* find the number of the characters to be escaped */ | 1069 /* find the number of the characters to be escaped */ |
| 1058 | 1070 |