Posted to cvs@httpd.apache.org by wr...@apache.org on 2002/03/21 17:02:03 UTC

cvs commit: apache-1.3/src/main gen_test_char.c

wrowe       02/03/21 08:02:03

  Modified:    src/main gen_test_char.c
  Log:
    Add % and \r [C/R] to the dangerous Win32/OS2 characters.
    Retain the Unix sh escapes list for compatibility.
    [William Rowe]
  
  Revision  Changes    Path
  1.7       +15 -1     apache-1.3/src/main/gen_test_char.c
  
  Index: gen_test_char.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/gen_test_char.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- gen_test_char.c	9 Feb 1999 12:29:56 -0000	1.6
  +++ gen_test_char.c	21 Mar 2002 16:02:03 -0000	1.7
  @@ -37,9 +37,23 @@
   	    printf("\n    ");
   
   	/* escape_shell_cmd */
  -	if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
  +#if defined(WIN32) || defined(OS2)
  +        /* Win32/OS2 have many of the same vulnerable characters
  +         * as Unix sh, plus the carriage return and percent char.
  +         * The proper escaping of these characters varies from unix
  +         * since Win32/OS2 use carets or doubled-double quotes, 
  +         * and neither lf nor cr can be escaped.  We escape unix 
  +         * specific as well, to assure that cross-compiled unix 
  +         * applications behave similiarly when invoked on win32/os2.
  +         */
  +        if (strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) {
   	    flags |= T_ESCAPE_SHELL_CMD;
   	}
  +#else
  +        if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
  +	    flags |= T_ESCAPE_SHELL_CMD;
  +	}
  +#endif
   
   	if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) {
   	    flags |= T_ESCAPE_PATH_SEGMENT;
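Review bot: The shell metacharacter list on the new `strchr` lines is now written out twice, once per `#if`/`#else` branch, so a character added to one string later can be missed in the other and leave that platform's table without the T_ESCAPE_SHELL_CMD flag for it. A single test with the platform extras appended by string-literal concatenation keeps the two in step, e.g. `#define SHELL_EXTRA "\r%"` under the WIN32/OS2 guard, `#define SHELL_EXTRA ""` otherwise, and the existing Unix literal followed by `SHELL_EXTRA` in one `strchr` call (the macro name is only a suggestion). The new comment also states that neither LF nor CR can be escaped on these platforms, so flagging them here only helps if the routine that consumes T_ESCAPE_SHELL_CMD replaces or rejects those bytes rather than prefixing an escape character; that routine is not in this hunk and should be checked alongside it. The enclosing loop body starts and ends outside the hunk.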