# HG changeset patch # User Igor Sysoev # Date 1187603453 0 # Node ID fdd064faf26a683ffa40ea11dbb8ff53293c8ba1 # Parent df2592d32e49f3b6d7bb9d776e69bfee65ceed7f escape " ", "%", and %00-%1F in login and password diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1019,7 +1019,7 @@ ngx_escape_uri(u_char *dst, u_char *src, 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", """, "%", "'", %00-%1F, %7F-%FF */ + /* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t html[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ @@ -1039,13 +1039,13 @@ ngx_escape_uri(u_char *dst, u_char *src, 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", """, "'", %00-%1F, %7F-%FF */ + /* " ", """, "%", "'", %00-%1F, %7F-%FF */ static uint32_t refresh[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ - 0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */ + 0x000000a5, /* 0000 0000 0000 0000 0000 0000 1010 0101 */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1059,13 +1059,13 @@ ngx_escape_uri(u_char *dst, u_char *src, 0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */ }; - /* " ", %00-%1F */ + /* " ", "%", %00-%1F */ static uint32_t memcached[] = { 0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */ /* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */ - 0x00000001, /* 0000 0000 0000 0000 0000 0000 0000 0001 */ + 0x00000021, /* 0000 0000 0000 0000 0000 0000 0010 0001 */ /* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */ 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ @@ -1079,7 +1079,10 @@ ngx_escape_uri(u_char *dst, u_char *src, 0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */ }; - static uint32_t *map[] = { uri, args, html, refresh, memcached }; + /* mail_auth is the same as memcached */ + + static uint32_t *map[] = + { uri, args, html, refresh, memcached, memcached }; escape = map[type]; diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h --- a/src/core/ngx_string.h +++ b/src/core/ngx_string.h @@ -155,6 +155,7 @@ u_char *ngx_utf_cpystrn(u_char *dst, u_c #define NGX_ESCAPE_HTML 2 #define NGX_ESCAPE_REFRESH 3 #define NGX_ESCAPE_MEMCACHED 4 +#define NGX_ESCAPE_MAIL_AUTH 5 #define NGX_UNESCAPE_URI 1 diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c --- a/src/mail/ngx_mail_auth_http_module.c +++ b/src/mail/ngx_mail_auth_http_module.c @@ -1251,18 +1251,10 @@ ngx_mail_auth_http_create_request(ngx_ma static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) { - u_char ch, *p; - ngx_uint_t i, n; - - n = 0; + u_char *p; + uintptr_t n; - for (i = 0; i < text->len; i++) { - ch = text->data[i]; - - if (ch == CR || ch == LF) { - n++; - } - } + n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); if (n == 0) { *escaped = *text; @@ -1276,27 +1268,9 @@ ngx_mail_auth_http_escape(ngx_pool_t *po return NGX_ERROR; } - escaped->data = p; - - for (i = 0; i < text->len; i++) { - ch = text->data[i]; + (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); - if (ch == CR) { - *p++ = '%'; - *p++ = '0'; - *p++ = 'D'; - continue; - } - - if (ch == LF) { - *p++ = '%'; - *p++ = '0'; - *p++ = 'A'; - continue; - } - - *p++ = ch; - } + escaped->data = p; return NGX_OK; } diff --git a/src/mail/ngx_mail_parse.c b/src/mail/ngx_mail_parse.c --- a/src/mail/ngx_mail_parse.c +++ b/src/mail/ngx_mail_parse.c @@ -434,6 +434,10 @@ ngx_int_t ngx_imap_parse_command(ngx_mai break; case sw_argument: + if (ch == ' ' && s->quoted) { + break; + } + switch (ch) { case '"': if (!s->quoted) {