From 65567a0c47415880af1099207ccdf619eda33e19 Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Sat, 22 Sep 2007 19:15:01 +0000 Subject: r1406 merge: escape " ", "%", and %00-%1F in login and password --- src/mail/ngx_mail_auth_http_module.c | 36 +++++------------------------------- src/mail/ngx_mail_parse.c | 4 ++++ 2 files changed, 9 insertions(+), 31 deletions(-) (limited to 'src/mail') diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c index 52031b340..906152ce8 100644 --- a/src/mail/ngx_mail_auth_http_module.c +++ b/src/mail/ngx_mail_auth_http_module.c @@ -1251,18 +1251,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, static ngx_int_t ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) { - u_char ch, *p; - ngx_uint_t i, n; + u_char *p; + uintptr_t n; - n = 0; - - for (i = 0; i < text->len; i++) { - ch = text->data[i]; - - if (ch == CR || ch == LF) { - n++; - } - } + n = ngx_escape_uri(NULL, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); if (n == 0) { *escaped = *text; @@ -1276,27 +1268,9 @@ ngx_mail_auth_http_escape(ngx_pool_t *pool, ngx_str_t *text, ngx_str_t *escaped) return NGX_ERROR; } - escaped->data = p; - - for (i = 0; i < text->len; i++) { - ch = text->data[i]; - - if (ch == CR) { - *p++ = '%'; - *p++ = '0'; - *p++ = 'D'; - continue; - } + (void) ngx_escape_uri(p, text->data, text->len, NGX_ESCAPE_MAIL_AUTH); - if (ch == LF) { - *p++ = '%'; - *p++ = '0'; - *p++ = 'A'; - continue; - } - - *p++ = ch; - } + escaped->data = p; return NGX_OK; } diff --git a/src/mail/ngx_mail_parse.c b/src/mail/ngx_mail_parse.c index fa0fda31b..c959b44b2 100644 --- a/src/mail/ngx_mail_parse.c +++ b/src/mail/ngx_mail_parse.c @@ -434,6 +434,10 @@ ngx_int_t ngx_imap_parse_command(ngx_mail_session_t *s) break; case sw_argument: + if (ch == ' ' && s->quoted) { + break; + } + switch (ch) { case '"': if (!s->quoted) { -- cgit