C中的跨站点脚本漏洞

时间:2020-07-06 09:52:11

标签: c security url remote-file-inclusion file-inclusion

希望您一切都好。有人可以帮我解决这个问题吗?我的C文件中出现了跨站点脚本(XSS)问题。

下面的URL演示了这个问题,例如他们是如何获取信息的:

http://rs152.mt.att.com:8001/cgi-bin/rep_gtlsts?f_srep2.ht=<script>alert(261)</script>

在这里,攻击者修改了URL并注入了一个alert。当我访问该URL时,会弹出内容为261的警告框。我需要重新输入网址。我在此处附上相关文件,即rep_gtlsts.C。我还添加了library文件,但仍然不起作用,也就是说弹窗仍然会出现。

#ifndef NOWHAT
#include "TNccidtab.h"

/* Upper bound used by main() when clearing conf_array. */
#define MAXKWS  100
#define WGDATAFILE  "wglist"

/* Scratch pointer written by the safenv() macro on every expansion. */
char * cp;
/* Placeholder returned by safenv() when the variable is not set. */
char * empty = "<empty>";
/* Hard-coded sample path; the only visible use is the printf() call in */
/* main() that passes it to clearUrl(). It is not derived from the request. */
char input[] = "../../../../../../../../../etc/password";
/* Look up environment variable a; yields the "<empty>" placeholder instead */
/* of NULL. Side effect: overwrites the global cp, so nested or concurrent */
/* uses share one slot. */
#define safenv(a)   ((cp=getenv(a)) ? cp : empty)

/* Define all global variables: */
int allstreamFlag=0;                               //declared by santosh
void easy_prt_out();

/* Declare all local functions defined in this file: */

/* Declare all local functions defined in this file: */

/*
 * CGI entry point. Reads QUERY_STRING, takes everything before the first
 * '&' or '+' as the template name (html_file), parses the remainder into
 * kword or parms, runs the data loading that belongs to that template name,
 * and finally renders ../htdocs/<html_file> through easy_prt_out() or eGo().
 *
 * NOTE(review): the listing does not compile as posted. clearUrl() is
 * defined inside this function's body, and several if-statements below are
 * missing a closing brace or part of their condition. Each spot is marked.
 *
 * NOTE(review): every value taken from QUERY_STRING is client-controlled.
 * Nothing here limits its length, restricts html_file to the template names
 * compared below, or encodes it before it is written to the response.
 */
int
main(int argc, char **argv){
    int     i,j,num_cllis;
    int     ret;
    char    *qs;
    char    delim;
    char    copyqs[200];
    //int abc=0;
    eSetFyi(0);
    argc = eInit(argc,argv);
    eTrace('d',("in rep main"));
    /* add callbacks for rules messaging */
    eMapMsg(rule_ds1es);
    eMapMsg(rule_rtn);
    eMapMsg(rule_ecsps);
    eMapMsg(rule_rdted);
    eMapMsg(rule_toos);
    eMapMsg(r_ps_rules);
    ent = gethostbyname("nicprimary");
    // The text/html header is written before any check, so every error
    // message below is interpreted as HTML by the browser.
    cout << "Content-type:  text/html" << endl << endl;
    uname(&utname);

    if (!getClientID(clientID)) { 
        cout << "<HTML>" << endl;
        cout << "<BODY>" << endl;
        cout << "Security Violation:  error obtaining clientID" << endl;
        cout << "</HTML>" << endl;
        cout << "</BODY>" << endl;
        exit(0);
    }
    if ((qs = getenv("QUERY_STRING")) == NULL) {
        cout << "<HTML>" << endl;
        cout << "<BODY>" << endl;
        cout << "No query information to decode." << endl;
        cout << "</HTML>" << endl;
        cout << "</BODY>" << endl;
        exit(0);
    }
// NOTE(review): a function definition cannot appear inside main(); this
// helper has to be moved to file scope. It only skips leading "/", "~/",
// "./" and "../" prefixes and returns a pointer into the same buffer.
char* clearUrl(char* input) {
    char* output = input;
    while (1) {
        if (*output == '/')
            output ++;
        else if (!strncmp(output, "~/", 2))
            output += 2;
        else if (!strncmp(output, "./", 2))
            output += 2;
        else if (!strncmp(output, "../", 3))
            output += 3;
        else
            break;
    }
    return output;
}
 // NOTE(review): this cleans and prints the hard-coded global `input`, not
 // qs or html_file, so the request is never filtered by clearUrl(). The
 // text is also written into the HTTP response body.
 printf("Cleaned QUERY_STRING: %s\n", clearUrl(input));
    allstreamFlag = isAllstreams(clientID);  //Added by santosh
    // NOTE(review): copyqs holds 200 bytes; qs is copied without any length
    // check.
    strcpy(copyqs,qs);
    // Copy everything before the first '&' or '+' into html_file.
    // NOTE(review): i has no upper bound here; html_file is declared
    // elsewhere, so its size must be confirmed.
    for(i=0; qs[i] && ((qs[i]!='&' && qs[i] != '+')); i++) {
        html_file[i] = qs[i];
    }
    no_g2_call = 1;
    rule_acc = 0;
    owner_idx = 0;
    html_file[i] = '\0';
    unescape_url(html_file);
    // True when a delimiter ended the name or unescape_url() changed it.
    if (strcmp(html_file,qs) != 0) {
        delim = qs[i];
        i++;
        qs = &qs[i]; 
        if (delim == '+') {
            /* parse out keyword*/
            // NOTE(review): unbounded copy of request data into kword (size
            // not visible here).
            strcpy(kword,qs);
            unescape_url(kword);
            if (kword[0] == '\0') {
                cout << "<HTML>" << endl;
                cout << "<BODY>" << endl;
                cout << "No valid keyword entered " << endl;
                cout << "</HTML>" << endl;
                cout << "</BODY>" << endl;
                exit(0);
            }
        }
        else if (delim == '&') {
            // NOTE(review): every iteration advances i with no limit tied to
            // the size of elements[]. splitword() is defined elsewhere;
            // confirm it bounds what it writes into .val and .name.
            for (i=0; qs[0] != '\0'; i++ ) {
                splitword(elements[i].val, qs, '&');
                unescape_url(elements[i].val);
                splitword(elements[i].name, elements[i].val, '=');
                // The strncpy + explicit terminator pairs below assume each
                // parms field holds MAX_*_LEN + 1 bytes - TODO confirm.
                if (strcmp(elements[i].name,"fdsig") == 0) { 
                    strncpy(parms.desig,elements[i].val,MAX_DESIG_LEN);
                    parms.desig[MAX_DESIG_LEN] = '\0';
                }
                else if (strcmp(elements[i].name,"ftype") == 0) { 
                    strncpy(parms.type,elements[i].val,MAX_TYPE_LEN);
                    parms.type[MAX_TYPE_LEN] = '\0';
                }
                if (strcmp(elements[i].name,"btfn") == 0) {
                    strncpy(parms.btfn,elements[i].val,MAX_TFN_LEN);
                    parms.btfn[MAX_TFN_LEN] = '\0';
                }
                if (strcmp(elements[i].name,"ttm") == 0) {
                    strncpy(parms.ttm,elements[i].val,MAX_TTM_LEN);
                    parms.ttm[MAX_TTM_LEN] = '\0';
                // NOTE(review): the closing brace of the "ttm" branch is
                // missing in the listing as posted.
                else if (strcmp(elements[i].name,"rule_type") == 0) {
                    strncpy(parms.rule_type,elements[i].val,MAX_RULE_TYPE_LEN);
                    parms.rule_type[MAX_RULE_TYPE_LEN] = '\0';
                }
            }
        }
    }
        
    // NOTE(review): html_file is request data. It is appended to ../htdocs/
    // without being matched against the template names tested below and
    // without removing directory components, so the opened path is chosen by
    // the client. sprintf() is also unbounded (file_path's size is not
    // visible here).
    sprintf(file_path,"../htdocs/%s",html_file);
    eTrace('d',("%s file_path",file_path));
    eTrace('d',("%s html file",html_file));
    /* set array of configurations to null before you load it */
    read_cllis = 1;
    for (i=0;i<MAXKWS;i++) {
        memset((void *)&conf_array[i],'\0',sizeof(DCONF));
    }
    if (strcmp(html_file,"ec_eqf.htm") == 0) {
        // NOTE(review): writes the raw query string into the HTML response
        // without encoding it.
        cout << copyqs << endl;
    }

    if (strcmp(html_file,"f_srep2.ht") == 0 || strcmp(html_file,"f_srep3.ht") == 0 ) { //added the checking for f_srep3.ht for Allstream project
        read4ecllis();
        read5ecllis();
        readDmscllis();
        readttms();
        readccids();
        num_kws = 0; 
        kwdata(REPREAD,clientID,&num_kws);
        nic_name = TNgetfullname("nicprimary");
        if(nic_name == NULL) {
            cout << "<HTML>" << endl;
            cout << "<BODY>" << endl;
            cout << "Full name for nicprimary not found." << endl;
            cout << "</BODY>" << endl;
            cout << "</HTML>" << endl;
            exit(1);
        }

    }
    if ((strcmp(html_file,"r_resp.ht")== 0) || (strcmp(html_file,"r_sched.ht")== 0)){
        how_to_respond = atoi(parms.resp_type);
        strcpy(err_msg,parms.nicerr);
        switch (how_to_respond) {
            case 0:
                result = atoi(parms.result);
                if (result == 0) {
                    strcpy(respond_type,"Accepted Successfully");
                }
                else {
                    strcpy(respond_type,"NOT Accepted");
                }
                // reset result cause not a nic error here
                result = 0;
                break;
            case 1:
                result = sched_rule(parms.rule_name,parms.cig_name,atoi(parms.priority),atoi(parms.rule_type));
                break;
            case 2:
                result = act_rule(parms.rule_name,parms.cig_name,atoi(parms.rule_type),RACT);
                break;
            case 3:
                result = act_rule(parms.rule_name,parms.cig_name,atoi(parms.rule_type),RDACT);
                break;
            case 4:
                result = del_rule(parms.rule_name,parms.cig_name,atoi(parms.rule_type));
                break;
            default:
                cout << "Error in Action Type" << endl;
                break;
        }
        if (result < 0) {   
            /* put out error message */
            cout << "<HTML>" << endl;
            cout << "<BODY>" << endl;
            cout << "Error Sending to NIC" << endl;
            cout << "</HTML>" << endl;
            cout << "</BODY>" << endl;
            eExit(0);
        }
    }
    if (strcmp(html_file,"rulesadm.ht") == 0) {
        /* get list of 4e cllis for main page */
        read4ecllis();
        read5ecllis();
        readDmscllis();
        readttms();
        kwdata(REPREAD,clientID,&num_kws);
        nic_name = TNgetfullname("nicprimary");
        if(nic_name == NULL) {
            cout << "<HTML>" << endl;
            cout << "<BODY>" << endl;
            cout << "Full name for nicprimary not found." << endl;
            cout << "</BODY>" << endl;
            cout << "</HTML>" << endl;
            exit(1);
        }
    }
    // NOTE(review): the condition below is cut off in the listing: it ends
    // with "||" and has no closing parenthesis or opening brace.
    if ((strcmp(html_file,"r_rdtexpi.ht") == 0) ||
        (strcmp(html_file,"r_rdtexp.ht") == 0) ||
        readttms();
    }
    if ((strcmp(html_file,"ds1_8_d.htm") == 0) ||
        (strcmp(html_file,"tsg_8_d.htm") == 0)) {
        readccids();
    }
    if ((strcmp(html_file,"4ecllis.htm") == 0) ||
        (strcmp(html_file,"sellist1.ht") == 0)) {
            read4ecllis();
    }
    if ( strcmp(html_file,"asellist1.ht") == 0)
    {
        readAllstream4ecllis();
    }
    if ( strcmp(html_file,"arepconfl.ht") == 0)
    {
        readAllstream4ecllis();
        num_kws = 0;
        kwdata(REPREAD,clientID,&num_kws);
        kw_idx = matchkw(kword,num_kws);
    }
    if (strcmp(html_file,"sellist5.ht") == 0) {
            read4ecllis();
    }
    if ((strcmp(html_file,"list_rules.ht") == 0) ||
        (strcmp(html_file,"lstrlpwl.ht") == 0)) {
        eTrace('d',("in if for list rules"));
        tbl_rows = get_prules();
    }
    if (strcmp(html_file,"r_ds1es.ht") == 0) {
        how_to_respond = atoi(parms.resp_type);
        if (how_to_respond == 0) {
                result = add_rule(atoi(parms.rule_type));
        }
        else {
            rule_acc = get_r_ds1es(parms.rule_name,parms.cig_name);
        }
    }
    if (strcmp(html_file,"r_rtnexp.ht") == 0) {
        how_to_respond = atoi(parms.resp_type);
        if (how_to_respond == 0) {
                result = add_rule(atoi(parms.rule_type));
        }
        else {
            rule_acc = get_r_rtn(parms.rule_name,parms.cig_name);
        }
    }
    if (strcmp(html_file,"r_ecscan.ht") == 0) {
        how_to_respond = atoi(parms.resp_type);
        if (how_to_respond == 0) {
                result = add_rule(atoi(parms.rule_type));
        }
        else {
            rule_acc = get_r_ecscan(parms.rule_name,parms.cig_name);
        }
    }
    if (strcmp(html_file,"r_rdtexp.ht") == 0) {
        how_to_respond = atoi(parms.resp_type);
        if (how_to_respond == 0) {
                result = add_rule(atoi(parms.rule_type));
        }
        else {
            rule_acc = get_r_rdtexp(parms.rule_name,parms.cig_name);
        }
    }
    if (strcmp(html_file,"r_trkoos.ht") == 0) {
        how_to_respond = atoi(parms.resp_type);
        if (how_to_respond == 0) {
                result = add_rule(atoi(parms.rule_type));
        }
        else {
            rule_acc = get_r_trkoos(parms.rule_name,parms.cig_name);
        }
    }
    if ((strcmp(html_file,"drdtd.ht") == 0) || (strcmp(html_file,"rtnexp.ht") == 0)) {
            readttms();
    }
    if ((strcmp(html_file,"eds1_es.ht") == 0) || (strcmp(html_file,"aeds1_es.ht") == 0) ||
        (strcmp(html_file,"etsg_es.ht") == 0) || (strcmp(html_file,"aetsg_es.ht") == 0)) {
            readttms();
            readtucs();
            mcn_feature=isAllowed("ssimcnfltr");
            if(allstreamFlag==1)
            {
                mcn_feature=0;
            }
            if (mcn_feature) LoadMcnData();
            
    }
    if (strcmp(html_file,"repconfl.ht") == 0) {
        read4ecllis();
        num_kws = 0;
        kwdata(REPREAD,clientID,&num_kws);
        kw_idx = matchkw(kword,num_kws);
    }
    if (strcmp(html_file,"repconfl5.ht") == 0) {
        read4ecllis();
        read5ecllis();
        readDmscllis();
        num_kws = 0;
        kwdata(REPREAD,clientID,&num_kws);
        kw_idx = matchkw(kword,num_kws);
    }
    if (strcmp(html_file,"reprmv.ht") == 0) {
        num_kws = 0;
        kwdata(REPREAD,clientID,&num_kws); 
        kw_idx = matchkw(kword,num_kws);
        if (kw_idx >= 0) {
            if (num_kws == 1) {
                memset((void *)&conf_array[0],'\0',sizeof(DCONF));
            }
            else {
                for (i=kw_idx+1;i<num_kws;i++){
                    conf_array[i-1] = conf_array[i];
                }
            }
        }
        // NOTE(review): the count is decremented and written back even when
        // kw_idx < 0, i.e. when nothing was removed above.
        num_kws = num_kws - 1;
        kwdata(REPWRITE,clientID,&num_kws);
    }
    if (strcmp(html_file,"repsave.ht") == 0) {
        num_kws = 0;
        kwdata(REPREAD,clientID,&num_kws); 
        kw_idx = matchkw(kword,num_kws);
        // NOTE(review): kw_idx indexes conf_array below without the >= 0
        // test that the reprmv.ht branch applies to the same call.
        for (i=0;i<200;i++){
            conf_array[kw_idx].cllis[i][0] = '\0';
        }
        ret = read_post(&num_cllis);
        // NOTE(review): kword and elements[i].val are request data copied
        // with strcpy; the destination sizes are not visible here.
        strcpy(conf_array[kw_idx].kw,kword);
        if (num_cllis > 200) {
            num_cllis = 200;
        }
        for (i=0;i<num_cllis;i++) {
            strcpy(conf_array[kw_idx].cllis[i],elements[i].val);
        }
        if (num_kws == kw_idx) {
            num_kws = kw_idx + 1;
        }
        kwdata(REPWRITE,clientID,&num_kws);
    }
    // NOTE(review): this condition is cut off in the listing as well
    // (trailing "||", no opening brace).
    if ((strcmp(html_file,"ds1_8_d.htm") == 0) ||
        (strcmp(html_file,"ads1_8_d.htm") == 0) ||
        LoadWorkGroupList();
    }
    // no_g2_call is set to 1 above and not changed in the visible code, so
    // the easy_prt_out() path is the one taken here.
    if (no_g2_call) {
        easy_prt_out();
    }
    else {
        eTrace('d',("before eGo"));
        eGo();
    }
}

/*
 * Streams the template at file_path to stdout one line at a time. A line
 * that contains a {$...} marker is replaced by generated HTML or JavaScript;
 * any other line is copied through unchanged.
 *
 * NOTE(review): nothing written here is HTML- or JavaScript-encoded. Values
 * that main() filled from the query string (html_file, kword, parms.desig,
 * parms.type, parms.btfn) therefore reach the browser exactly as sent.
 * Encoding at each output point is what stops injected markup from running.
 *
 * NOTE(review): the braces in this listing do not balance as posted; the
 * spots are marked below.
 */
void easy_prt_out() {
    char    buf[8192];  
    char    left[128];  
    char    right[128]; 
    int     i,j;
    int     count = 0;
    int corbaccess ;
    eTrace('d',("file_path %s",file_path));
    ifstream inp_rep(file_path);
            
    if(!inp_rep) {
        cout << "<HTML>" << endl;
        cout << "<BODY>" << endl;
        // NOTE(review): html_file is request data echoed into an HTML page.
        // A name that cannot be opened ends up here, which appears to be the
        // path taken by the URL shown in the question.
        cout << "cannot open file " << html_file << endl;
        cout << "</BODY>" << endl;
        cout << "</HTML>" << endl;
        exit(1);
    }

    while(inp_rep.getline(buf,sizeof(buf))){
        // NOTE(review): left and right hold 128 bytes while a template line
        // may be up to 8192; strsplit() is defined elsewhere - confirm it
        // bounds what it writes.
        if(strstr(buf,"{$CLLIARRAY}")) {
                strsplit(buf,"{$CLLIARRAY}",left,right);
            cout << "var " << left << "=new Array(" << numCllis <<")\n" << endl;
                for(i=0; i<numCllis; i++) {
                cout << left << "[" << i <<"]=" << left << "['" << abbrev[i] << "']='" << clliarray[i] << "'\n" <<endl;
            }
            cout << "// end of 4e" << endl;
            right[0] = '\0';
            }
        else if(strstr(buf,"{$CLLI5ARRAY}")) {
            cout << "// beg of 5e" << endl;
                strsplit(buf,"{$CLLI5ARRAY}",left,right);
            cout << "var " << left << "=new Array(" << num5Cllis <<")\n" << endl;
                for(i=0; i<num5Cllis; i++) {
                cout << left << "[" << i <<"]=" << left << "['" << abbrev5[i] << "']='" << clli5array[i] << "'\n" <<endl;
            }
            right[0] = '\0';
            } 
        else if(strstr(buf,"{$CLLIDARRAY}")) {
            cout << "// beg of Dms" << endl;
                strsplit(buf,"{$CLLIDARRAY}",left,right);
            cout << "var " << left << "=new Array(" << numDCllis <<")\n" << endl;
                for(i=0; i<numDCllis; i++) {
                cout << left << "[" << i <<"]=" << left << "['" << abbrevD[i] << "']='" << clliDarray[i] << "'\n" <<endl;
            }
            right[0] = '\0';
            }
        else if(strstr(buf,"{$CCIDS}")) {
            cout << "// beg of ccids" << endl;
            strsplit(buf,"{$CCIDS}",left,right);
            // buf is overwritten here but never printed; the cout line that
            // follows produces the output.
            sprintf(buf,"var %s=new Array(%d);\n",left,numccids);
            cout << "var " << left << "=new Array(" << numccids <<")\n" << endl;
            for(i=0; i<numccids; i++) {
                cout << left << "[" << i <<"]='" << ccids[i] << "'\n" <<endl;
            }
            right[0] = '\0';
        }
        else if(strstr(buf,"{$MENU}")) {
            strsplit(buf,"{$MENU}",left,right);
            if (isAllowed("ISC")) {
                cout << left << "/menuint.htm" << right << endl;
            }
            else {
                cout << left << "/menu1.htm" << right << endl;
            }
        }
        else if(strstr(buf,"{$FOURORFIVE}")) {
            strsplit(buf,"{$FOURORFIVE}",left,right);
            if (isAllowed("ISC")) {  
                if (allstreamFlag == 1)
                    cout << left << "/cgi-bin/rep_gtlsts?arepconfl.ht" << right << endl;
                else
                    cout << left << "/cgi-bin/rep_gtlsts?repconfl.ht" << right << endl;
            }
            else {
                if (allstreamFlag == 1)
                    cout << left << "/cgi-bin/rep_gtlsts?arepconfl.ht" << right << endl;
                else
                    cout << left << "/cgi-bin/rep_gtlsts?repconfl5.ht" << right << endl;
            }
                
        }
        else if(strstr(buf,"{$SEL4OR5}")) {
            strsplit(buf,"{$SEL4OR5}",left,right);
             if (isAllowed("ISC") ) {
                if(allstreamFlag == 1) //A new ht file (asellist1.ht) is created for allstream users
                    cout << left << "/cgi-bin/rep_gtlsts?asellist1.ht" << right << endl;
                else
                    cout << left << "/cgi-bin/rep_gtlsts?sellist1.ht" << right << endl;
            }
            else {
                if(allstreamFlag == 1) //A new ht file (asellist1.ht) is created for allstream users
                    cout << left << "/cgi-bin/rep_gtlsts?asellist1.ht" << right << endl;
                else
                    cout << left << "/cgi-bin/rep_gtlsts?sellist5.ht" << right << endl;
            }
        }
        else if(strstr(buf,"{$RMENU}")) {
            strsplit(buf,"{$RMENU}",left,right);
            if (isAllowed("ISC")) {
                cout << left << "/rmenuint.htm" << right << endl;
            }
            else {
                cout << left << "/rmenu1.htm" << right << endl;
            }
        }
        else if(strstr(buf,"{$MCNTITLE}")) {
            if (mcn_feature) {
                cout << "<TD colspan=2 align=center ><B>MCN</B></TD>"   << endl;
            }
            else {
                cout << "<input type='hidden' name='mcn' value=''>" << endl;
            }
        }
        else if (strstr(buf,"{$MCNLIST}")) {
            if (mcn_feature) getMcnList() ;
        }
        else if (strstr(buf,"{$4ECLLIS}")){
            /* found my marker to insert the 4eclli list */
                    for(i=0; i<numCllis; i++) {
                cout << "<OPTION>" << clliarray[i] << "</OPTION>" <<endl;
                    }
            }
            else if (strstr(buf,"{$4EACLLIS}")){
            /* found my marker to insert the 4eclli list */
                    for(i=0; i<numCllis; i++) {
                cout << "<OPTION>" << clliAarray[i] << "</OPTION>" <<endl;
                    }
            }
        else if (strstr(buf,"{$5ECLLIS}")){
            /* found my marker to insert the 5eclli list */
                    for(i=0; i<num5Cllis; i++) {
                cout << "<OPTION>" << clli5array[i] << "</OPTION>" <<endl;
                    }
            }
        else if (strstr(buf,"{$DMSCLLIS}")){
            /* found my marker to insert the Dmsclli list */
                    for(i=0; i<numDCllis; i++) {
                cout << "<OPTION>" << clliDarray[i] << "</OPTION>" <<endl;
                    }
            }
        /****************************************************/
        /*                  RULE SCREENS                    */
        /****************************************************/
        else if(strstr(buf,"{$RTRKOOS}")) {
            /* print out the data structure of the rule */
            pr_trk_rule();
        }
        else if(strstr(buf,"{$ACC}")) {
            strsplit(buf,"{$ACC}",left,right);
            if (rule_acc == 0) {
                /* rule has been accepted because we have data */   
                cout << left << "Y" << right << endl;
            }
            else {
                cout << left << "N" << right << endl;
            }
        }
        else if(strstr(buf,"{$SCHED}")) {
            strsplit(buf,"{$SCHED}",left,right);
            if (r_ds1es.app_time[0] != '\0') {
                /* rule has been scheduled because we have data */  
                cout << left << "Y" << right << endl;
            }
            else {
                cout << left << "N" << right << endl;
            }
        }
        // NOTE(review): the brace on the next line has no matching opener in
        // this else-if chain; it closes the while loop early as posted.
        }
        else if(strstr(buf,"{$RULEARRAY}")) {
            strsplit(buf,"{$RULEARRAY}",left,right);
            cout << "var " << left << " = new Array()" << endl;
            for (i=0;i<rule_data_cnt;i++) {
                cout << left << "[" << i << "]=new Array('"<<rule_data[i].rule_name ;
                cout << "'," << endl << "'" << rule_data[i].cig_name;
                if (strcmp(rule_data[i].rule_type,"ds1_es") == 0) {
                    cout << "'," << endl << "'" << "0";
                }
                if (strcmp(rule_data[i].rule_type,"rtn") == 0) {
                    cout << "'," << endl << "'" << "4";
                }
                else if (strcmp(rule_data[i].rule_type,"rdt_ed") == 0) {
                    cout << "'," << endl << "'" << "2";
                }
                cout << "');" << endl;
            }
        }
        else if (strstr(buf,"{$ADDROW}")){
            /* found my marker to insert the table rows*/
            cout << "<tr>" <<endl;
            inp_rep.getline(buf,sizeof(buf));

            if (rule_data_cnt > 0) {
                /* put out first row of the table and save the structure of */
                /* on screen table to output subsequent rows */
                ch_row_idx = 0;
                // NOTE(review): the result of getline() is not tested inside
                // this loop, so a template with no {$ENDROW} line would keep
                // it running after end of file.
                while (!strstr(buf,"{$ENDROW}")){
                    if (strstr(buf,"{$RULE_NAME}")){
                        strsplit(buf,"{$RULE_NAME}",row_left.rule_name,row_right.rule_name);
                        cout << row_left.rule_name << " " << rule_data[0].rule_name << row_right.rule_name <<endl;
                    }
                    else if (strstr(buf,"{$PRIORITY}")){
                        strsplit(buf,"{$PRIORITY}",row_left.priority,row_right.priority);
                        cout << row_left.priority << " " << rule_data[0].priority << row_right.priority <<endl;
                    }
                    else if (strstr(buf,"{$DESCRIP}")){
                        strsplit(buf,"{$DESCRIP}",row_left.descrip,row_right.descrip);
                        if (strcmp(rule_data[0].descrip,"") == 0) {
                            // no description so make sure a space is there
                            // so frame of box shows up correctly
                            cout << row_left.descrip << "&nbsp" << rule_data[0].descrip << row_right.descrip <<endl;
                        }
                        else {
                            cout << row_left.descrip << " " << rule_data[0].descrip << row_right.descrip <<endl;
                        }
                    }
                    else if (strstr(buf,"{$SCHED}")){
                        strsplit(buf,"{$SCHED}",row_left.sched,row_right.sched);
                        cout << row_left.sched << " " << rule_data[0].sched << row_right.sched <<endl;
                    }
                    else if (strstr(buf,"{$STATE}")){
                        strsplit(buf,"{$STATE}",row_left.state,row_right.state);
                        cout << row_left.state << " " << rule_data[0].state << row_right.state <<endl;
                    // NOTE(review): the closing brace of the {$STATE} branch
                    // is missing in the listing as posted.
                    else {
                        cout << buf << endl;
                        // NOTE(review): ch_row_idx grows with every
                        // unmatched line; checkrow's dimensions are declared
                        // elsewhere - confirm a bound.
                        strcpy(checkrow[ch_row_idx],buf);
                        ch_row_idx++;
                    }
                    inp_rep.getline(buf,sizeof(buf));
                }
            }
            else {
                //no data so get endrow marker
                // NOTE(review): same unchecked getline() loop as above.
                while (!strstr(buf,"{$ENDROW}")){
                    inp_rep.getline(buf,sizeof(buf));
                }
            }
            if (!strstr(buf,"{$ENDROW}")){
                cout << "HTML file error" << endl;
            }
            else {
                cout << "</tr>" <<endl;
            }
            /* Now continue and put out subsequent table rows */
            for(i=1; i<rule_data_cnt; i++) {
                cout << "<tr>" <<endl;
                cout << checkrow[0]<<endl;
                cout << checkrow[1]<<endl;
                cout << checkrow[2]<<endl;
                cout << row_left.rule_name << " " << rule_data[i].rule_name << row_right.rule_name <<endl;
                cout << row_left.priority << " " << rule_data[i].priority << row_right.priority <<endl;
                if (strcmp(rule_data[i].descrip,"") == 0) {
                    // no description so make sure a space is there
                    // so frame of box shows up correctly
                    cout << row_left.descrip << "&nbsp" << row_right.descrip <<endl;
                }
                else {
                    cout << row_left.descrip << " " << rule_data[i].descrip << row_right.descrip <<endl;
                }
                cout << row_left.sched << " " << rule_data[i].sched << row_right.sched <<endl;
                cout << row_left.state << " " << rule_data[i].state << row_right.state <<endl;
                cout << row_left.accepted << " " << rule_data[i].accepted << row_right.accepted <<endl;
                cout << "</tr>" <<endl;
            }
        }
        else if (strstr(buf,"{$PASSPARMS}")){
            // NOTE(review): parms.desig, parms.type and parms.btfn are filled
            // from the query string in main() and are placed inside
            // single-quoted JavaScript string literals here with no escaping.
            if (parms.level[0] != '\0') { 
                cout << "var level = '" << parms.level << "'"<< endl;
                if ((parms.level[0] == 'D') ||
                    (parms.level[0] == 'S') ||
                    (parms.level[0] == 'E') ||
                    (parms.level[0] == 'O')) {
                    /* DS1, DS3, E1, STS1, EC1, OC3, or EC */
                    if (parms.desig[0] == '\0') {
                        cout << "var p_desig = ''"<< endl;
                    }
                    else {
                        cout << "var p_desig = '" << parms.desig << "'" << endl;
                    }
                    if (parms.type[0] == '\0') {
                        cout << "var p_type = ''"<< endl;
                    }
                    else {
                        cout << "var p_type = '" << parms.type <<  "'" << endl;
                    }
                    if (parms.owner[0] == '\0') {
                        cout << "var p_owner = ''"<< endl;
                    }
                    else {
                        cout << "var p_owner = '" << parms.owner << "'" << endl;
                    }
                }
                else if (parms.level[0] == 'T') {
                    /* TSG */
                    if (parms.btfn[0] == '\0') {
                        cout << "var p_btfn = ''"<< endl;
                    }
                    else {
                        cout << "var p_btfn = '" << parms.btfn << "'" << endl;
                    }
                    if (parms.owner[0] == '\0') {
                        cout << "var p_owner = ''"<< endl;
                    }
                    else {
                        cout << "var p_owner = '" << parms.owner << "'" << endl;
                    }
                }
            }
            else {
                cout << "var p_owner = '';"<< endl;
            }
        }
        else if (strstr(buf,"{$KEYWORDS}")){
            // count is initialised to 0 above and never changed in this
            // function, so this loop emits nothing as written.
            for(i=0; i<count; i++) {
                cout << "<OPTION>" << kwarr[i] << "</OPTION>" <<endl;
            }
        }
        else if (strstr(buf,"{$NICSERV}")){
            /* found my marker to insert fully qualified nic server name*/
            strsplit(buf,"{$NICSERV}",left,right);
            cout << left << nic_name << right <<endl;
            cout << "var allstreamFlag="<<allstreamFlag<<";" << endl;
       }
        else if (strstr(buf,"{$PARAM}")) {
          corbaccess=isAllowed("CORBAaccess") ;
          cout << "var corbaccess=" << corbaccess << ";" << endl;
        }
        else if (strstr(buf,"{$ALLSTREAMCLLI}")) {
          cout << "var allStreamCLLI" << "=new Array(" << MAXALLSTREAMCLLIS <<")\n" << endl;
          for(i=0;i<MAXALLSTREAMCLLIS;i++)
          {  
              cout<<"allStreamCLLI["<<i<<"]='" << ALLSTREAM_CLLIS[i] << "'" << ";" <<endl;
          }
          
        }

        else if (strstr(buf,"{$CONFID}")){
            strsplit(buf,"{$CONFID}",left,right);
            // NOTE(review): kword is copied from the query string in main()
            // and is written unencoded; the line is also emitted twice.
            cout << left << kword << right <<endl;
            cout << left << kword << right <<endl;
        }
        else if (strstr(buf,"{$CONFARRAYUPD}")) {
            strsplit(buf,"{$CONFARRAYUPD}",left,right);
            if (num_kws > 0) {
                for (i=0;i<num_kws;i++) {
                    cout << left << "[" << i << "]=new Array('"<<conf_array[i].kw ;
                    
                    for(j=0; conf_array[i].cllis[j][0]; j++) {
                        cout << "'," << endl << "'" << conf_array[i].cllis[j];
                        
                    }
                    cout << "');" << endl;
                }
            }
            
        }
        else if(strstr(buf,"{$CONFARRAYLEN}")) {
            strsplit(buf,"{$CONFARRAYLEN}",left,right);
            if (num_kws < 0) {
                // no conf array elements currently existed
                num_kws = 0;
            }
            cout << left << num_kws << right <<endl;
        }
        else {
             cout << buf << endl;
        }
    }
    inp_rep.close();
}

/* strcmp() wrapper; this file casts it to the qsort() comparator type. */
int
mycmp(const char *s1, const char * s2) {
    const int order = strcmp(s1, s2);
    return order;
}

/*
 * Rebuild clli5array / abbrev5 / num5Cllis from the entries that matchclli()
 * returns for Clli5e, keeping those for which isCapable() reports
 * OSPSSWITCH or ADLSWITCH.
 * NOTE(review): num5Cllis is not checked against the capacity of clli5array
 * or abbrev5, and the copy is an unbounded strcpy; the array sizes are
 * declared elsewhere - confirm.
 */
void
read5ecllis() {
    /* Load the CLLI table only the first time one of the readers runs. */
    if (read_cllis) {
        readcllis();
        read_cllis=0;
    }

    const int found = matchclli(NULL,clli5match,Clli5e);
    num5Cllis = 0;

    for (int k = 0; k < found; k++) {
        /* Skip switches that have neither capability. */
        if (!isCapable(OSPSSWITCH,clli5match[k]) &&
            !isCapable(ADLSWITCH,clli5match[k])) {
            continue;
        }

        strcpy(clli5array[num5Cllis],clli5match[k]);
        /* MR000278: the abbreviation goes into the third argument for a */
        /* local 5e and into the second one otherwise. */
        if (!is5eLocal(clli5match[k])) {
            find5eAbbrev(clli5match[k],abbrev5[num5Cllis],NULL);
        }
        else {
            find5eAbbrev(clli5match[k],NULL,abbrev5[num5Cllis]);
        }
        num5Cllis++;
    }
}

/*
 * Fill clliDarray through matchclli() for ClliDMS, then look up one
 * abbreviation per entry into abbrevD and set numDCllis to the entry count.
 * NOTE(review): the capacity of abbrevD is declared elsewhere and is not
 * checked against the number of matches here - confirm.
 */
void
readDmscllis() {
    /* Load the CLLI table only the first time one of the readers runs. */
    if (read_cllis) {
        readcllis();
        read_cllis=0;
    }

    const int found = matchclli(NULL,clliDarray,ClliDMS);
    numDCllis = 0;

    for (int k = 0; k < found; k++) {
        /* MR000278: the abbreviation goes into the third argument for a */
        /* local DMS and into the second one otherwise. */
        if (!isDMSLocal(clliDarray[k])) {
            findDMSAbbrev(clliDarray[k],abbrevD[numDCllis],NULL);
        }
        else {
            findDMSAbbrev(clliDarray[k],NULL,abbrevD[numDCllis]);
        }
        numDCllis++;
    }
}
/*
 * Load the first ':'-separated field of every non-comment line of the
 * "ttmtab" file into ttmarray, terminate the list with an empty entry and
 * sort it with entrycmp. The directory comes from the ETC_PATH environment
 * variable, falling back to DEF_ETC_DIR.
 * NOTE(review): the number of lines read is not limited by the capacity of
 * ttmarray, and each field is copied with strcpy; the array dimensions are
 * declared elsewhere - confirm.
 */
void
readttms() {
    char line[128];
    int  stored = 0;

    char *dir = getenv(ETC_PATH);
    if (dir == NULL)
        dir = DEF_ETC_DIR;

    char *filename = findfile(dir,"ttmtab",04);
    if (filename == NULL)
        return;

    ifstream inp(filename);
    if (!inp) {
        ERUNIX("fopen",filename);
        return;
    }

    while (inp.getline(line,sizeof(line))) {
        /* Lines starting with '#' are comments. */
        if (line[0] != '#') {
            char *field = strtok(line,":");
            if (field)
                strcpy(ttmarray[stored++],field);
        }
    }

    /* An empty string marks the end of the list. */
    ttmarray[stored][0] = '\0';
    qsort((char *)ttmarray,stored,sizeof(ttmarray[0]),entrycmp) ;
}
/*
 * Read up to MAX_CCID_CODES entries from the file returned by
 * openCcidFile(): the first BLANK_MASK-delimited token of each line is
 * upper-cased, truncated to CCID_LENGTH characters and stored in ccids.
 * Tokens containing COMMENT_CHAR are skipped. The stored entries are then
 * sorted with mycmp.
 * The explicit terminator write assumes each ccids row holds at least
 * CCID_LENGTH + 1 bytes - TODO confirm against the declaration.
 */
void
readccids() {
    char line[BUFFER_SZ];   /* one entry from the CCID code file */

    numccids = 0;

    FILE *fp = openCcidFile();
    if (fp == NULL)
        return;

    while (fgets(line, sizeof(line), fp) != NULL && numccids < MAX_CCID_CODES) {
        char *token = strtok(line, BLANK_MASK);

        /* skip blank lines and the comments at the top of the file */
        if (token == NULL || strchr(token, COMMENT_CHAR) != NULL)
            continue;

        strncpy(ccids[numccids], strtoupper(token), CCID_LENGTH);
        ccids[numccids][CCID_LENGTH] = '\0';
        numccids++;
    }

    fclose(fp);

    /* Sorting is only needed when at least one code was found. */
    if (numccids >= 1)
        qsort((char *) ccids, numccids, sizeof (ccids [0]), (int (*)(const void *,const void *))mycmp);
}
/*
 * Copy the keyword of each conf_array entry into kwarr and sort kwarr as
 * fixed 20-byte records with mycmp. Returns count unchanged.
 * NOTE(review): the loop stops only after index 100 has already been
 * copied, and qsort() is still given the full count, so a count above 100
 * touches entries past what the loop filled. The sizes of kwarr and
 * conf_array are declared elsewhere - confirm. The 20-byte record width is
 * hard-coded and the copy is an unbounded strcpy.
 */
int
sortkws(int count) 
{
    if (count == 0)
        return(count);

    int idx = 0;
    while (idx < count) {
        strcpy(kwarr[idx], conf_array[idx].kw);
        if (idx == 100)
            break;
        idx++;
    }

    qsort(kwarr,count,20,(int (*)(const void *,const void *))mycmp);
    return(count);
}

预先感谢..!

1 个答案:

答案 0 :(得分:-1)

我想您是想确保无法访问父目录中的本地文件?如果是这样,就需要删除所有开头的/(绝对路径)、~/(访问主目录)、../(父目录)和./(可能用来隐藏其他目录)。在C语言中,最简单的方法是直接跳过它们。例如,可以使用以下代码完成:

#include <string.h> // For strncmp
#include <stdlib.h> // For malloc

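/*
 * clearUrl - return a newly allocated copy of a path with the leading "/",
 * "~/", "./" and "../" prefixes skipped and every "/.." sequence deleted.
 *
 * input:   NUL-terminated path; it is read but not modified.
 * returns: a malloc()ed string that the caller must free(), or NULL when
 *          input is NULL or the allocation fails.
 *
 * Limits a caller has to keep in mind:
 *  - The text is compared literally, so it has to be URL-decoded before it
 *    is passed in; encoded forms of the same sequences are not recognised.
 *  - The deletion is a single left-to-right pass and the result is not
 *    scanned again, so the return value is not a proof that the path stays
 *    inside the intended directory. Rejecting the request, or comparing the
 *    name against the list of files that may be served, is the stronger
 *    check.
 *  - It does nothing about markup in the string; text that is echoed into a
 *    page still has to be HTML-encoded where it is written.
 */
char* clearUrl(char* input) {
    if (input == NULL)
        return NULL;

    // Part One: Remove occurrences at the beginning of the url
    // --------------------------------------------------------
    char* skippedStr = input;
    while (1) {
        if (*skippedStr == '/')
            skippedStr ++;
        else if (!strncmp(skippedStr, "~/", 2))
            skippedStr += 2;
        else if (!strncmp(skippedStr, "./", 2))
            skippedStr += 2;
        else if (!strncmp(skippedStr, "../", 3))
            skippedStr += 3;
        else
            break;
    }

    // Part Two: remove occurrences of /.. within the url
    // --------------------------------------------------
    // The copy can only shrink, so the remaining length plus the terminator
    // is always enough. The cast keeps the code usable from a C++ file.
    char* output = (char*) malloc(strlen(skippedStr) + 1);
    if (output == NULL)
        return NULL;   // out of memory: report it instead of writing to NULL

    char* cleanedStr = output;
    while (*skippedStr != '\0') {
        if (!strncmp(skippedStr, "/..", 3))
            skippedStr += 3;
        else {
            *cleanedStr = *skippedStr;
            cleanedStr++;
            skippedStr++;
        }
    }
    *cleanedStr = '\0'; // Append trailing null byte

    return output;
}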

应注意,该过程会删除所有../,但不会检查最终选中的是否是不应访问的目录,这可能会导致意外错误。另一种选择是只对URL进行搜索,如果其中包含../或类似内容,则向客户端返回400 Bad Request。另外,这段代码只处理路径遍历;问题中的弹窗来自未经HTML编码就回显到页面的输入,还需要在输出处另行编码。

编辑:感谢Ian Abbott指出,URL中出现/..同样危险。我之前忽略了这一点,现已相应更正代码。


评论后编辑:

要关闭安全漏洞,可以更改代码,例如,如下所示:

    // ...

    // Excerpt of main() from the question. The Content-type header is now
    // written inside each early-exit branch and again after the new check,
    // rather than once before all of them.
    ent = gethostbyname("nicprimary");
    uname(&utname);

    if (!getClientID(clientID)) { 
        cout << "Content-type:  text/html" << endl << endl;
        cout << "<HTML>" << endl;
        cout << "<BODY>" << endl;
        cout << "Security Violation:  error obtaining clientID" << endl;
        cout << "</HTML>" << endl;
        cout << "</BODY>" << endl;
        exit(0);
    }

    if ((qs = getenv("QUERY_STRING")) == NULL) {
        cout << "Content-type:  text/html" << endl << endl;
        cout << "<HTML>" << endl;
        cout << "<BODY>" << endl;
        cout << "No query information to decode." << endl;
        cout << "</HTML>" << endl;
        cout << "</BODY>" << endl;
        exit(0);
    }

    // This is the new security check about occurences of ../ within qs
    // NOTE(review): qs is still the raw query string at this point. The
    // question's code calls unescape_url() on the file name only later, so
    // an encoded form of the same sequence is not seen by this test; run the
    // check on the decoded name as well.
    // NOTE(review): this addresses directory traversal only. The alert in
    // the question comes from request text echoed into the page unencoded,
    // which this check does not change.
    if (strstr(qs, "../")) {
        cout << "Status: 400 Bad Request" << endl << endl;
        exit(0);
    }

    cout << "Content-type:  text/html" << endl << endl;

    // ...

这样,凡是查询字符串中包含../的请求都会被拒绝,并返回400 Bad Request。请注意,下面这一行

cout << "Content-type:  text/html" << endl << endl;

不能在安全检查之前执行,因此它被移到了更靠后的位置。