[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #56197] HTTPD SSI handler does not handle character se
From: |
Matthias Dietrich |
Subject: |
[lwip-devel] [bug #56197] HTTPD SSI handler does not handle character sequence /< properly |
Date: |
Tue, 23 Apr 2019 08:06:03 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 |
URL:
<https://savannah.nongnu.org/bugs/?56197>
Summary: HTTPD SSI handler does not handle character sequence
/< properly
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: mdietrich
Submitted on: Tue 23 Apr 2019 12:06:00 PM UTC
Category: apps
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: Other
_______________________________________________________
Details:
The httpd server supports two sets of SSI markers ('<!--#' and '/*#').
Unfortunately, the parsing function does not handle properly the case where a
character sequence starts with characters of one marker and continues with the
first character of another marker.
Example: <img src="images/<!--#PicDevice-->.png" />
When the parser hits the first '/' character, it changes its state from
TAG_NONE to TAG_LEADIN, as '/' could be the start of the '/*#' marker. The
parser then moves to the next character ('<'). The state machine now checks
whether this character ('<') matches the '/*#' marker. As this is not the
case, the state is switched back to TAG_NONE and the parser moves to the next
character ('!'). Unfortunenately, we have now lost the possibility of checking
whether '<' was the start of a marker.
Suggestion:
in the state "TAG_LEADIN", only move to the next character
in the stream when we have found a matching character,
otherwise just change the state back to TAG_NONE but do not
increase ssi->parsed. This allows to parse again the current character and
detect the start of another marker.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?56197>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lwip-devel] [bug #56197] HTTPD SSI handler does not handle character sequence /< properly,
Matthias Dietrich <=