naxsi_src/naxsi_utils.c
Outdated
|
||
/* unescape routine : | ||
- returns number of nullbytes present | ||
- returns -1 if overlong utf8 sequence |
Isn't this comment wrong?
100% :D
if (ngx_utf8_check(name) != NULL) { | ||
ngx_http_apply_rulematch_v_n(&nx_int__bad_utf8, ctx, req, NULL, NULL, zone, 1, 1); | ||
return (0); | ||
} |
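Review bot: It is not visible from these lines whether `ngx_utf8_check(name)` sees the bytes before or after URL-decoding; if it runs on the still-encoded name, a percent-encoded overlong or surrogate sequence is plain ASCII at that point and `nx_int__bad_utf8` would never fire for it. The check should be applied to the unescaped buffer, and a comment such as `/* validate UTF-8 on the decoded name; raw %XX bytes are ASCII and always pass */` above the `if` would pin that ordering. Only `name` is checked in the quoted lines, so the matching value would need the same call if it is not already covered elsewhere. The enclosing function starts and ends outside the quoted hunk.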
else if
?
yep :)
naxsi_src/naxsi_utils.c
Outdated
/* 110XXXXx 10xxxxxx */ | ||
if ((s[1] & 0xc0) != 0x80 || | ||
(s[0] & 0xfe) == 0xc0) /* overlong? */ | ||
return s; |
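Review bot: The continuation-byte test reads `s[1]` here, as does the four-byte branch quoted further down, with no length bound visible; that is safe only if the input is guaranteed NUL-terminated, since a NUL fails `(s[1] & 0xc0) != 0x80` before any further byte is read. nginx strings are usually length-delimited `ngx_str_t` data, so if the caller passes such a buffer, a lead byte at its very end would make this read one or more bytes past it. Either state the precondition in the function header, e.g. `/* s must be NUL-terminated; returns the first invalid byte or NULL */`, or pass the remaining length and reject a truncated sequence before indexing. The loop and the function signature are outside the quoted lines, so this may already be handled there.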
Add braces {}
on that else if
naxsi_src/naxsi_utils.c
Outdated
(s[0] == 0xf0 && (s[1] & 0xf0) == 0x80) || /* overlong? */ | ||
(s[0] == 0xf4 && s[1] > 0x8f) || s[0] > 0xf4) /* > U+10FFFF? */ | ||
return s; | ||
else |
Add braces {}
on that else
naxsi_src/naxsi_utils.c
Outdated
else | ||
s += 4; | ||
} | ||
else |
Add braces {}
on that else
naxsi_src/naxsi_utils.c
Outdated
|
||
|
||
/* | ||
unescape routine : |
How can you return two values in an int
;)
Add a generic internal rule associated to detection of overlong/surrogate utf8