Merged revisions 7637 via svnmerge from
/branches/1.2 git-svn-id: http://svn.digium.com/svn/asterisk/trunk@7638 f38db490-d61c-443f-a65b-d21fe96a405b
parent
262e9759c4
commit
5655a3c810
116
cdr/cdr_tds.c
116
cdr/cdr_tds.c
|
@ -98,7 +98,6 @@ static TDSSOCKET *tds;
|
||||||
static TDSLOGIN *login;
|
static TDSLOGIN *login;
|
||||||
static TDSCONTEXT *context;
|
static TDSCONTEXT *context;
|
||||||
|
|
||||||
static char *stristr(const char*, const char*);
|
|
||||||
static char *anti_injection(const char *, int);
|
static char *anti_injection(const char *, int);
|
||||||
static void get_date(char *, struct timeval);
|
static void get_date(char *, struct timeval);
|
||||||
|
|
||||||
|
@ -233,119 +232,6 @@ static int tds_log(struct ast_cdr *cdr)
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Return the offset of one string within another.
|
|
||||||
Copyright (C) 1994, 1996, 1997, 2000, 2001 Free Software Foundation, Inc.
|
|
||||||
This file is part of the GNU C Library.
|
|
||||||
|
|
||||||
The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
modify it under the terms of the GNU Lesser General Public
|
|
||||||
License as published by the Free Software Foundation; either
|
|
||||||
version 2.1 of the License, or (at your option) any later version.
|
|
||||||
|
|
||||||
The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
Lesser General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU Lesser General Public
|
|
||||||
License along with the GNU C Library; if not, write to the Free
|
|
||||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
||||||
02111-1307 USA. */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* My personal strstr() implementation that beats most other algorithms.
|
|
||||||
* Until someone tells me otherwise, I assume that this is the
|
|
||||||
* fastest implementation of strstr() in C.
|
|
||||||
* I deliberately chose not to comment it. You should have at least
|
|
||||||
* as much fun trying to understand it, as I had to write it :-).
|
|
||||||
*
|
|
||||||
* Stephen R. van den Berg, berg@pool.informatik.rwth-aachen.de */
|
|
||||||
|
|
||||||
static char *
|
|
||||||
stristr (phaystack, pneedle)
|
|
||||||
const char *phaystack;
|
|
||||||
const char *pneedle;
|
|
||||||
{
|
|
||||||
typedef unsigned chartype;
|
|
||||||
|
|
||||||
const unsigned char *haystack, *needle;
|
|
||||||
chartype b;
|
|
||||||
const unsigned char *rneedle;
|
|
||||||
|
|
||||||
haystack = (const unsigned char *) phaystack;
|
|
||||||
|
|
||||||
if ((b = toupper(*(needle = (const unsigned char *) pneedle))))
|
|
||||||
{
|
|
||||||
chartype c;
|
|
||||||
haystack--; /* possible ANSI violation */
|
|
||||||
|
|
||||||
{
|
|
||||||
chartype a;
|
|
||||||
do
|
|
||||||
if (!(a = toupper(*++haystack)))
|
|
||||||
goto ret0;
|
|
||||||
while (a != b);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(c = toupper(*++needle)))
|
|
||||||
goto foundneedle;
|
|
||||||
++needle;
|
|
||||||
goto jin;
|
|
||||||
|
|
||||||
for (;;)
|
|
||||||
{
|
|
||||||
{
|
|
||||||
chartype a;
|
|
||||||
if (0)
|
|
||||||
jin:{
|
|
||||||
if ((a = toupper(*++haystack)) == c)
|
|
||||||
goto crest;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
a = toupper(*++haystack);
|
|
||||||
do
|
|
||||||
{
|
|
||||||
for (; a != b; a = toupper(*++haystack))
|
|
||||||
{
|
|
||||||
if (!a)
|
|
||||||
goto ret0;
|
|
||||||
if ((a = toupper(*++haystack)) == b)
|
|
||||||
break;
|
|
||||||
if (!a)
|
|
||||||
goto ret0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
while ((a = toupper(*++haystack)) != c);
|
|
||||||
}
|
|
||||||
crest:
|
|
||||||
{
|
|
||||||
chartype a;
|
|
||||||
{
|
|
||||||
const unsigned char *rhaystack;
|
|
||||||
if (toupper(*(rhaystack = haystack-- + 1)) == (a = toupper(*(rneedle = needle))))
|
|
||||||
do
|
|
||||||
{
|
|
||||||
if (!a)
|
|
||||||
goto foundneedle;
|
|
||||||
if (toupper(*++rhaystack) != (a = toupper(*++needle)))
|
|
||||||
break;
|
|
||||||
if (!a)
|
|
||||||
goto foundneedle;
|
|
||||||
}
|
|
||||||
while (toupper(*++rhaystack) == (a = toupper(*++needle)));
|
|
||||||
needle = rneedle; /* took the register-poor aproach */
|
|
||||||
}
|
|
||||||
if (!a)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
foundneedle:
|
|
||||||
return (char *) haystack;
|
|
||||||
ret0:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static char *anti_injection(const char *str, int len)
|
static char *anti_injection(const char *str, int len)
|
||||||
{
|
{
|
||||||
/* Reference to http://www.nextgenss.com/papers/advanced_sql_injection.pdf */
|
/* Reference to http://www.nextgenss.com/papers/advanced_sql_injection.pdf */
|
||||||
|
@ -376,7 +262,7 @@ static char *anti_injection(const char *str, int len)
|
||||||
/* Erase known bad input */
|
/* Erase known bad input */
|
||||||
for (idx=0; *known_bad[idx]; idx++)
|
for (idx=0; *known_bad[idx]; idx++)
|
||||||
{
|
{
|
||||||
while((srh_ptr = stristr(buf, known_bad[idx]))) /* fix me! */
|
while((srh_ptr = strcasestr(buf, known_bad[idx])))
|
||||||
{
|
{
|
||||||
memmove(srh_ptr, srh_ptr+strlen(known_bad[idx]), strlen(srh_ptr+strlen(known_bad[idx]))+1);
|
memmove(srh_ptr, srh_ptr+strlen(known_bad[idx]), strlen(srh_ptr+strlen(known_bad[idx]))+1);
|
||||||
}
|
}
|
||||||
|
|
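Review bot: The erase loop in anti_injection (`while((srh_ptr = strcasestr(buf, known_bad[idx])))` in the last hunk) still makes a single pass over `known_bad`, so deleting a later entry can join the text on either side of it into an earlier entry that is never scanned again. Replacing stristr with strcasestr does not change this; the whole `for` pass should repeat until no entry matches, and the blocklist should be treated as a secondary measure next to proper escaping of the values placed in the query. Separately, strcasestr is a GNU/BSD extension: unless `_GNU_SOURCE` is defined before `<string.h>` is included (not visible on this page), the call is implicitly declared as returning `int` and the returned pointer can be truncated on 64-bit builds. The body of anti_injection starts and ends outside the hunks shown, and the contents of `known_bad` are not visible.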