cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mod aaa-12 修改认证模块、用户管理模块数据的格式判断 

RCA:
SOL:
修改人:chenling
检视人:
This commit is contained in:
ChenLing 2019-10-10 16:23:16 +08:00
parent f7af50861d
commit 24f01ce548
2 changed files with 85 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libs/src/lighttpd-1.4.51/src/mod_portal.c
View File

@ -26,6 +26,8 @@
#define MESSAGE_SIZE (63)
#define MAX_ONLINE_NUM 10
#define SPECHAR(element) (strpbrk((element), "~!@#$%^&*()_+{}|:\"<>?\\,./;\'[]-=`")) //校验特殊字符
typedef void *pointer;
#if 0
@ -429,6 +431,11 @@ static handler_t judge_account_pwd(server *srv, connection *con, void *p_d)
account = uitem->valuestring;
log_error_write(srv, __FILE__, __LINE__, "ss", "test", account);
if(SPECHAR(account))
{
return HANDLER_ERROR;
}
if (strlen(account) > USERNAME_MAXLEN)
{
cJSON_Delete(uitem);
@ -705,7 +712,9 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void *p_d)
}
log_error_write(srv, __FILE__, __LINE__, "s", "test");
//http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("text/xml; charset=\"utf-8\""));
http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE,
CONST_STR_LEN("Content-Type"),
CONST_STR_LEN("text/xml; charset=\"utf-8\""));
con->http_status = 200;
con->file_finished = 1;
return t;
@ -738,3 +747,7 @@ int mod_portal_plugin_init(plugin *p)

70
libs/src/lighttpd-1.4.51/src/mod_usermagnet.c
View File

@ -22,6 +22,8 @@
#define DEL_MAX_NUM (100)
#define DEL_MAX_SIZE (24)
#define SPECHAR(element) (strpbrk((element), "~!@#$%^&*()_+{}|:\"<>?\\,./;\'[]-=`")) //校验特殊字符
/*函数指针*/
typedef void (*mod_usermagnet_cfg_exec_sync)(int page_num, int count, char *user_name, cJSON *array);
@ -31,6 +33,52 @@ typedef struct {
mod_usermagnet_cfg_exec_sync usermagnet_cfg_exec;
} mod_usermagnet_plugin_data;
int isIpV4Addr(const char *ipAddr)
{
int dots = 0; /*字符.的个数*/
int setions = 0; /*ip每一部分总和0-255*/
printf("%s\n", ipAddr);
if(NULL == ipAddr || *ipAddr == '.') /*排除输入参数为NULL, 或者一个字符为'.'的字符串*/
{
return 1;
}
while(*ipAddr)
{
if(*ipAddr == '.')
{
dots ++;
if(setions >= 0 && setions <= 255) /*检查ip是否合法*/
{
setions = 0;
ipAddr++;
continue;
}
return 1;
}
else if(*ipAddr >= '0' && *ipAddr <= '9') /*判断是不是数字*/
{
setions = setions * 10 + (*ipAddr - '0'); /*求每一段总和*/
}
else
{
return 1;
}
ipAddr++;
}
if(setions >= 0 && setions <= 255)
{
if (dots == 3)
{
return 0;
}
}
return 1;
}
INIT_FUNC(mod_usermagnet_init) {
mod_usermagnet_plugin_data *p;
@ -121,6 +169,12 @@ static handler_t get_onlineuser_info(server *srv, connection *con, void* p_d)
log_error_write(srv, __FILE__, __LINE__, "ss", "test", ip);
}
if(userip && (1 == isIpV4Addr(ip)))
{
return HANDLER_ERROR;
}
log_error_write(srv, __FILE__, __LINE__, "s", "test");
/*get username*/
username = cJSON_GetObjectItem(cjson , "user_name");
if(username)
@ -129,6 +183,11 @@ static handler_t get_onlineuser_info(server *srv, connection *con, void* p_d)
log_error_write(srv, __FILE__, __LINE__, "ss", "test", name);
}
if(name && SPECHAR(name))
{
return HANDLER_ERROR;
}
/*get page_num*/
Page_Num = cJSON_GetObjectItem(cjson, "page_num");
if(Page_Num)
@ -359,6 +418,11 @@ static handler_t user_offline(server *srv, connection *con, void* p_d)
inet_pton(AF_INET, userip->valuestring, &clientip);
log_error_write(srv, __FILE__, __LINE__, "sds","test", clientip, userip->valuestring);
if(1 == isIpV4Addr(userip->valuestring))
{
return HANDLER_ERROR;
}
user_info = ufind_user(clientip);
if(NULL != user_info)
@ -485,6 +549,9 @@ static handler_t mod_usermagnet_uri_handler(server *srv, connection *con, void*
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE,
CONST_STR_LEN("Content-Type"),
CONST_STR_LEN("text/xml; charset=\"utf-8\""));
con->http_status = 200;
con->file_finished = 1;
return t;
@ -515,6 +582,3 @@ int mod_usermagnet_plugin_init(plugin *p) {
return 0;
}