Software `/` code `/` prosody

Annotate

util-src/strbitop.c @ 12180:53e0ae770917

util.xml: Do not allow doctypes, comments or processing instructions Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.

author	Jonas Schäfer <jonas@wielicki.name>
date	Mon, 10 Jan 2022 18:23:54 +0100
parent	11175:235537247aa3
child	12469:2b3adaa6d38e

rev	line source
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	1 /*
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	2 * This project is MIT licensed. Please see the
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	3 * COPYING file in the source package for more information.
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	4 *
11172 712b2e6a09d9 Back out 6dde2c9fa272: Doesn't work on Lua 5.1 Kim Alvefur <zash@zash.se> parents: 11171 diff changeset	5 * Copyright (C) 2016 Kim Alvefur
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	6 */
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	7
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	8 #include <lua.h>
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	9 #include <lauxlib.h>
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	10
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	11 #if (LUA_VERSION_NUM == 501)
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	12 #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R)
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	13 #endif
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	14
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	15 /* TODO Deduplicate code somehow */
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	16
11167 ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	17 int strop_and(lua_State *L) {
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	18 luaL_Buffer buf;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	19 size_t a, b, i;
11167 ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	20 const char *str_a = luaL_checklstring(L, 1, &a);
ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	21 const char *str_b = luaL_checklstring(L, 2, &b);
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	22
11175 235537247aa3 Back out changeset 2c1583bb0e0f Kim Alvefur <zash@zash.se> parents: 11172 diff changeset	23 luaL_buffinit(L, &buf);
235537247aa3 Back out changeset 2c1583bb0e0f Kim Alvefur <zash@zash.se> parents: 11172 diff changeset	24
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	25 if(a == 0 \|\| b == 0) {
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	26 lua_settop(L, 1);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	27 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	28 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	29
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	30 for(i = 0; i < a; i++) {
11172 712b2e6a09d9 Back out 6dde2c9fa272: Doesn't work on Lua 5.1 Kim Alvefur <zash@zash.se> parents: 11171 diff changeset	31 luaL_addchar(&buf, str_a[i] & str_b[i % b]);
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	32 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	33
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	34 luaL_pushresult(&buf);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	35 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	36 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	37
11167 ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	38 int strop_or(lua_State *L) {
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	39 luaL_Buffer buf;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	40 size_t a, b, i;
11167 ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	41 const char *str_a = luaL_checklstring(L, 1, &a);
ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	42 const char *str_b = luaL_checklstring(L, 2, &b);
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	43
11175 235537247aa3 Back out changeset 2c1583bb0e0f Kim Alvefur <zash@zash.se> parents: 11172 diff changeset	44 luaL_buffinit(L, &buf);
235537247aa3 Back out changeset 2c1583bb0e0f Kim Alvefur <zash@zash.se> parents: 11172 diff changeset	45
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	46 if(a == 0 \|\| b == 0) {
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	47 lua_settop(L, 1);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	48 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	49 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	50
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	51 for(i = 0; i < a; i++) {
11172 712b2e6a09d9 Back out 6dde2c9fa272: Doesn't work on Lua 5.1 Kim Alvefur <zash@zash.se> parents: 11171 diff changeset	52 luaL_addchar(&buf, str_a[i] \| str_b[i % b]);
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	53 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	54
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	55 luaL_pushresult(&buf);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	56 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	57 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	58
11167 ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	59 int strop_xor(lua_State *L) {
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	60 luaL_Buffer buf;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	61 size_t a, b, i;
11167 ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	62 const char *str_a = luaL_checklstring(L, 1, &a);
ba32b9a6d75b util.strbitop: Reformat code Kim Alvefur <zash@zash.se> parents: 11163 diff changeset	63 const char *str_b = luaL_checklstring(L, 2, &b);
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	64
11172 712b2e6a09d9 Back out 6dde2c9fa272: Doesn't work on Lua 5.1 Kim Alvefur <zash@zash.se> parents: 11171 diff changeset	65 luaL_buffinit(L, &buf);
712b2e6a09d9 Back out 6dde2c9fa272: Doesn't work on Lua 5.1 Kim Alvefur <zash@zash.se> parents: 11171 diff changeset	66
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	67 if(a == 0 \|\| b == 0) {
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	68 lua_settop(L, 1);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	69 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	70 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	71
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	72 for(i = 0; i < a; i++) {
11172 712b2e6a09d9 Back out 6dde2c9fa272: Doesn't work on Lua 5.1 Kim Alvefur <zash@zash.se> parents: 11171 diff changeset	73 luaL_addchar(&buf, str_a[i] ^ str_b[i % b]);
11163 37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	74 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	75
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	76 luaL_pushresult(&buf);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	77 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	78 }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	79
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	80 LUA_API int luaopen_util_strbitop(lua_State *L) {
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	81 luaL_Reg exports[] = {
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	82 { "sand", strop_and },
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	83 { "sor", strop_or },
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	84 { "sxor", strop_xor },
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	85 { NULL, NULL }
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	86 };
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	87
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	88 lua_newtable(L);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	89 luaL_setfuncs(L, exports, 0);
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	90 return 1;
37a6a535343e util.strbitop: Library for bitwise operations on strings Kim Alvefur <zash@zash.se> parents: diff changeset	91 }

prosody

53e0ae770917

util-src/strbitop.c

Software / code / prosody

Annotate

util-src/strbitop.c @ 12180:53e0ae770917

Software `/` code `/` prosody