You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

FilterChain.cpp 72KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314
  1. // FilterChain.cpp
  2. //
  3. // (C) 2002-2009 MicroNeil Research Corporation
  4. //
  5. // Main code file for module FilterChain.
  6. // 20041116 _M Added UrlDecode module. The module will repeat a decoded version of
  7. // any anchor tag that it sees which contains decodable %xx bytes. Other anchor
  8. // tags are not repeated.
  9. // 20041116 _M Upgrades to the Defunker module. The module now decodes any HTML
  10. // encoded bytes that could have been normal ascii.
  11. // 20041114 _M Completed basic defunker engine which strips out all HTML and some
  12. // basic   encoding.
  13. // 20041113 _M Began heavy upgrades to this module to improve performance and
  14. // provide additional obfuscation removal. This modification will include a move
  15. // from the use of switch(State) mechanisms to the use of function pointers. This
  16. // should save a few cycles on every byte processed.
  17. #include "FilterChain.hpp"
  18. // FilterChainBase64 Methods.
  19. // GetByte()
  20. // Returns the next byte from this filter module.
  21. unsigned char FilterChainBase64::GetByte() {
  22. switch(State) { // What are we doing?
  23. case SCANNING:{ // We're scanning to turn on...
  24. // In this mode we are hunting for a reason to turn
  25. // ourselves on. If we find our startup sequence then
  26. // we will go into decoding mode. Until then, we try
  27. // to match each incoming character with our startup
  28. // sequence.
  29. while(true) { // Search for our startup string or get out.
  30. try { // Try this...
  31. ValidBuffer = false; // No valid buffer yet.
  32. x=FilterChain::GetByte(); // Get the next byte from source.
  33. } // If we get the empty signal
  34. // here, we've failed to match.
  35. catch(const Empty&) { // If so - and we haven't
  36. if(0==ScanIx) throw Empty("FilterChainBase64: No more data"); // started then just throw Empty.
  37. State=DEQUEING;DequeIx=0; // If we have then we'll dequeue
  38. return GetByte(); // it and throw when that's done
  39. } // because Buffer is not valid.
  40. // It's important that no empty's get beyond this point unless
  41. // we've got a match started. Otherwise we'll return corruption.
  42. if(x!=Base64Start[ScanIx]){ // If the byte doesnt match,
  43. // and we've started matching
  44. if(0!=ScanIx) { // the sequence then save the
  45. Buffer=x; ValidBuffer=true; // byte for later, change to
  46. State=DEQUEING;DequeIx=0; // DEQUING mode, and return
  47. return GetByte(); // the first Dequeued byte.
  48. }
  49. // If there's no match
  50. else return x; // started then shortcut that:
  51. } // just send back the byte.
  52. // We've handled non matches, now time for the good stuff...
  53. else { // This byte matches :-)
  54. ScanIx++; // Move forward!
  55. if(ScanIx>=sizeof(Base64Start)-1){ // If we've matched it all
  56. // then prep for decoding.
  57. // At this point we've got our trigger - but we need to
  58. // eat up any extra junk before we start decoding. What
  59. // we're looking for is a blank line (CRLFCRLF) within
  60. // the next couple of lines. While we're at this if we
  61. // get an exception we'll just pass it through.
  62. ScanIx=DequeIx=0; // Let's reset our indexes.
  63. // We're SCANNING now - so if we fail to get to good base64
  64. // stuff then we'll be starting from scratch - and that's ok.
  65. // Here we will allow some number of additional header lines
  66. // to occur before we give up on this being a base64 segment.
  67. // If we give up then we go back to scanning agian.
  68. // 20030114 _M Increased limit to 150 - lots of X- headers cause
  69. // the engine to stop decoding base64!! 30 was too small.
  70. const int LineLimit = 150; // We'll allow this many.
  71. for(int LineCount=0; LineCount<LineLimit; LineCount++) {
  72. do{ // Eat up characters through
  73. x=FilterChain::GetByte(); // the end of the line.
  74. } while(x!='\n');
  75. x=FilterChain::GetByte(); // Get the next byte.
  76. if(x=='\n'){ // Next line is blank?
  77. State=DECODING; // Then get ready to DECODE!
  78. break; // NO MORE LOOPING!
  79. }
  80. // If the line is not blank then we'll go around again up
  81. // to the number of lines we allow. Then we're done trying
  82. // and we will fall through.
  83. }
  84. // At this point we are either ready to decode base64 data
  85. // or we're still in SCANNING mode because of too much junk.
  86. if(DECODING==State) { // If we're ready to decode
  87. Workspace = 0x0000000a; // then set up a pair of
  88. DequeIx=3; // <LF> lines so they will
  89. ScanIx=2; // be the first bytes decoded.
  90. } // Here we pump <LF> into the
  91. // workspace. Then we return one <LF>
  92. return x; // (usually).
  93. // The deal is, if we're decoding then we will pump in LF and
  94. // return what must be the last LF. If we're not decoding then we
  95. // end up returning the last byte we read before giving up which should
  96. // be the first byte of the next line.
  97. }
  98. }
  99. }
  100. // The above will be tried repeatedly in the first call to
  101. // this object's GetByte() until we either return a byte or
  102. // throw an exception. The result is that once we start to match
  103. // our startup sequence we will either match all of it or we will
  104. // grab as much of it as we can until we don't match - then we'll
  105. // fail and move into DEQUEING.
  106. // You may be asking yourself, why go through all that complex
  107. // Turing engine stuff when a simple line load and string comparison
  108. // would do nicely. The answer is SPEED. Without getting too deep,
  109. // the above code will identify the startup string in roughly 2
  110. // comparisons per byte. If I were to load the entire line first
  111. // then that alone would be 2 comparisons before I got started. This
  112. // way I cut the number of comparisons down by at least 50%.
  113. break;
  114. }
  115. case DEQUEING:{ // We're recovering from a false start...
  116. // When we get here, ScanIx will be one greater than the last
  117. // matching byte. The last byte read will be stored in our buffer
  118. // so that it can be returned here as the last step. The calling
  119. // program will request each byte one at a time... starting with
  120. // the first byte coming out of this code. For all positions in our
  121. // startup string less than ScanIx, we know we had a matching input.
  122. // We start our output at the first byte. The Scanning engine should
  123. // have set our DequeIx to 0 before we got here - so that part should
  124. // be automatic. Here goes...
  125. if(DequeIx < ScanIx) { // If we're still returning a
  126. unsigned char x = // partial match, grab the next byte
  127. Base64Start[DequeIx]; // from the startup string, Increment
  128. DequeIx++; // our Deque index for next time, and
  129. return x; // return the byte that's needed.
  130. } else { // When we're done with that part,
  131. State=SCANNING; // we set our mode back to scanning,
  132. ScanIx=DequeIx=0; // reset our indexes to start again,
  133. // Here we either have a buffered byte to dequeue, or we ran out
  134. // of data while attempting to match our startup sequence. If we
  135. // have a vaild byte we return it. If not, we throw No More Data!
  136. if(ValidBuffer) return Buffer;
  137. else throw Empty("FilterChainBase64: No more data");
  138. }
  139. break;
  140. }
  141. case DECODING:{ // We're decoding data...
  142. // DequeIx will be used here to indicate how many decoded
  143. // bytes are ready to be delivered. This is compatible with
  144. // the normal startup for other modes.
  145. // ScanIx will be used here to indicate which byte position
  146. // we should be reading from. This combination helps to handle
  147. // pads and simplifies processing. For example, if we've got two
  148. // pads then we'll have a single byte to read starting at index
  149. // zero.
  150. // If we get an exception from up the chain while we're decoding
  151. // then we'll just pass it along.
  152. if(0==DequeIx) { // If there are no bytes ready then get some!
  153. // First Byte:
  154. // Eat anything up to the first byte that doesn't look like
  155. // a base64 digit. If we hit a '\n-' then we'll assume we've got
  156. // a segment boundary and we'll quit. Everything else will be
  157. // ignored to get us to the next line.
  158. do{ // Empty out any in-between bytes.
  159. y=x;x=FilterChain::GetByte(); // Read one byte at a time.
  160. if('-'==x && '\n'==y) { // If we get to a segment separator
  161. ScanIx=DequeIx=0; // then reset our indexes, set our
  162. State=SCANNING; // state to SCANNING...
  163. do { // Eat up the rest of this line
  164. x=FilterChain::GetByte(); // one byte at a time including
  165. } while('\n'!=x); // the <LF> at the end, then
  166. return '\n'; // return the that <LF> byte.
  167. // On the next incoming call, the scanner section "should"
  168. // return the following <LF> byte to complete the end of line.
  169. // This ensures that we put a new line at the end of our
  170. // decoded segment. Four message scanning purposes this is
  171. // desireable. If we wanted a clean segment then we'd probably
  172. // eat through the new line rather than the carriage return.
  173. }
  174. } while(XX64==Base64Table[x]); // Eat all invalid bytes.
  175. // At this point x should have the first valid byte for us :-)
  176. if('='==x) { // First byte can't be a pad.
  177. ScanIx=DequeIx=0; // If it is then we reset ourself,
  178. do{ // eat the rest of this line,
  179. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  180. }while('\n'!=x);
  181. return x;
  182. }
  183. // At this point we have a clean byte, presumably at the start
  184. // of a base64 block which we can decode.
  185. x = Base64Table[x]; // Convert the byte.
  186. // This first one we assign to clear out the register. The rest
  187. // get added to keep things in place.
  188. Workspace = // Add it to the workspace in the
  189. x << base64_seg0_shift; // correct position.
  190. // Byte number 2 of the block...
  191. x=FilterChain::GetByte(); // Grab the byte...
  192. if('='==x) { // This byte can't be a pad.
  193. ScanIx=DequeIx=0; // If it is then we reset ourself,
  194. do{ // eat the rest of this line,
  195. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  196. }while('\n'!=x);
  197. return x;
  198. }
  199. x=Base64Table[x]; // Convert the byte.
  200. if(XX64==x) { // The byte can't be invalid...
  201. ScanIx=DequeIx=0; // If it is then we reset ourself,
  202. do{ // eat the rest of this line,
  203. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  204. }while('\n'!=x);
  205. return x;
  206. }
  207. // At this point we have a clean byte...
  208. Workspace += // Add it to the workspace in the
  209. x << base64_seg1_shift; // correct position.
  210. // Byte number 3 of the block...
  211. x=FilterChain::GetByte(); // Grab the byte...
  212. // This one and the next one can be pads. Here's where we start
  213. // deciding how many bytes we have. If we have a pad in this spot
  214. // then our output bytes will only be 1.
  215. if('='==x) DequeIx = 1; // If we've got a pad here we'll only
  216. else DequeIx = 3; // have one valid output byte. Otherwise
  217. // we could have 3.
  218. x=Base64Table[x]; // Convert the byte.
  219. if(XX64==x) { // The byte can't be invalid...
  220. ScanIx=DequeIx=0; // If it is then we reset ourself,
  221. do{ // eat the rest of this line,
  222. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  223. }while('\n'!=x);
  224. return x;
  225. }
  226. // At this point we have a clean byte...
  227. Workspace += // Add it to the workspace in the
  228. x << base64_seg2_shift; // correct position.
  229. // Byte number 4 of the block...
  230. x=FilterChain::GetByte(); // Grab the byte...
  231. if('='==x && DequeIx > 2) // If we've got a pad here the most
  232. DequeIx=2; // we can have are 2 valid outputs.
  233. x=Base64Table[x]; // Convert the byte.
  234. if(XX64==x) { // The byte can't be invalid...
  235. ScanIx=DequeIx=0; // If it is then we reset ourself,
  236. do{ // eat the rest of this line,
  237. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  238. }while('\n'!=x);
  239. return x;
  240. }
  241. // At this point we have a clean byte...
  242. Workspace += // Add it to the workspace in the
  243. x << base64_seg3_shift; // correct position.
  244. // At this point we are ready to begin outputting our bytes.
  245. ScanIx=2; // Output always starts byte three.
  246. return GetByte(); // Return our first decoded byte.
  247. } else { // If there are bytes ready then spit them out.
  248. x=(Workspace >> (ScanIx * 8)) & 0xFF; // Grab the byte we want.
  249. ScanIx--; // Decrement our output index.
  250. DequeIx--; // Decrement our output count.
  251. return x; // Send back our byte.
  252. }
  253. break;
  254. }
  255. }
  256. // We should never get to this point.
  257. return 0; // Dummy to make the compiler happy.
  258. }
  259. // FilterChainQuotedPrintable Methods.
  260. // isHexDigit()
  261. // Returns true if i is a valid hex digit.
  262. bool FilterChainQuotedPrintable::isHexDigit(unsigned char i) {
  263. if(
  264. (i >= '0' && i <= '9') || // Hex digits must be 0-9 or
  265. (i >= 'A' && i <= 'F') || // A-F or
  266. (i >= 'a' && i <= 'f') // a-f if somebody used lower case.
  267. ) {
  268. return true; // If i is one of these we are true
  269. } else {
  270. return false; // IF i is not then we are false
  271. }
  272. }
  273. // convertHexDigit()
  274. // Returns an integer value for the hex digit i
  275. int FilterChainQuotedPrintable::convertHexDigit(unsigned char i) {
  276. if(i >= '0' && i <= '9') { // Digit chars convert directly.
  277. return i - '0';
  278. } else if (i >= 'A' && i <= 'F') { // Cap A-F convert to 10 - 15
  279. return i - 'A' + 10;
  280. } else if (i >= 'a' && i <= 'f') { // Small A-F convert to 10 - 15
  281. return i - 'a' + 10;
  282. }
  283. return -1; // Return -1 if i was not a hex digit!
  284. }
  285. // GetByte()
  286. // Returns the next byte from this filter module.
  287. unsigned char FilterChainQuotedPrintable::GetByte() {
  288. switch(State) { // What are we doing?
  289. case SCANNING: // We're scanning to turn on...
  290. Buffer[0]=FilterChain::GetByte();
  291. if('='== Buffer[0]) { // If we've found an = then we're on.
  292. Buffer[1]=FilterChain::GetByte(); // Fill up the decoding buffer with
  293. Buffer[2]=FilterChain::GetByte(); // the next two bytes,
  294. BufferIndex = 0; // Setup the buffer index.
  295. BufferLength = 3; // Setup the buffer length.
  296. State = DECODING; // Set our mode and get the result
  297. return GetByte(); // by calling ourselves!
  298. } else
  299. return Buffer[0]; // Otherwise just pass through.
  300. break;
  301. case DEQUEING: // We're recovering from a false start...
  302. if(BufferIndex < BufferLength) { // If we've got buffered stuff then
  303. return Buffer[BufferIndex++]; // return it and move the pointer.
  304. } else { // If we've run out of stuff then
  305. BufferIndex = 0; // Reset our index and our
  306. BufferLength = 0; // buffer length, then set our
  307. State = SCANNING; // mode to SCANNING and return
  308. return GetByte(); // the next byte from there.
  309. }
  310. break;
  311. case DECODING: // We're decoding data...
  312. // Now we are decoding quoted printable data. First we will handle the case
  313. // where this is a soft line break. In that case we simply eat the encoded bytes
  314. // and set up to dequeue the last byte.
  315. if(Buffer[1] == '\n') { // If this is a soft break the
  316. BufferIndex = 2; // point our dequeue index at the last byte
  317. State = DEQUEING; // establish our DEQUEING state and
  318. return GetByte(); // return by letteing DEQUEING do it!
  319. }
  320. // If it wasn't a soft break then we _may_ need to decode it. We will find
  321. // out by looking for hex digits in the next two locations. If they are there
  322. // we are decoding. If not then we will simply dequeue the entire buffer.
  323. if(
  324. isHexDigit(Buffer[1]) && // If the next two bytes are hex
  325. isHexDigit(Buffer[2]) // digits then we can convert them.
  326. ) {
  327. Workspace= // Set our workspace to convert the
  328. (convertHexDigit(Buffer[1]) << 4) | // two hex digits into a single
  329. (convertHexDigit(Buffer[2])); // byte.
  330. Buffer[2] = Workspace & 0xFF; // Store that byte in our buffer.
  331. BufferIndex = 2; // Set the index and change our
  332. State = DEQUEING; // state to DEQUEING then let that
  333. return GetByte(); // code spit it out!
  334. } else { // If either byte was not a valid
  335. State = DEQUEING; // hex digit DEQUEUE the entire
  336. return GetByte(); // buffer.
  337. }
  338. break;
  339. };
  340. return FilterChain::GetByte(); // Dummy
  341. }
  342. /////////////////////////////////////////////////////////////////////////////////////////
  343. // FilterChainDefunker
  344. /////////////////////////////////////////////////////////////////////////////////////////
  345. const char* DefunkerPreamble = " ----[DEFUNKER]---- ";
  346. // Patterns to match
  347. const char* patMatchBR = "<br>";
  348. const char* patMatchP = "<p>";
  349. const char* patNBSP = "&nbsp;";
  350. const char* patAMP = "&amp;";
  351. const char* patAPOS = "&apos;";
  352. const char* patLT = "&lt;";
  353. const char* patGT = "&gt;";
  354. const char* patQUOT = "&quot;";
  355. // SkipHeaders() waits for the headers to go by before launching Store().
  356. unsigned char FilterChainDefunker::SkipHeaders() { // While waiting EOH...
  357. unsigned char x = FilterChain::GetByte(); // Get a byte.
  358. if(LastRawByte == '\n' && x == '\n') { // If we're at EOH
  359. Master = &FilterChainDefunker::Store; // Go to store mode.
  360. return x; // and return the byte.
  361. } // If we're not at EOH
  362. LastRawByte = x; // then remember this byte
  363. return x; // and return it.
  364. }
  365. // Store() puts the original data into the buffer for later.
  366. unsigned char FilterChainDefunker::Store() { // While in Store mode,
  367. unsigned char x; // we need a byte.
  368. try {
  369. if(DefunkerSize <= InputPosition)
  370. throw Empty("FilterChainDefunker: No more data"); // Careful about the buffer.
  371. x = FilterChain::GetByte(); // Try getting the next byte
  372. StoreBuffer[InputPosition++] = x; // and storing it.
  373. }
  374. catch(const Empty&) { // When we get the Empty
  375. Master = &FilterChainDefunker::ReadOut; // signal it is time for us
  376. return GetByte(); // to read out our data.
  377. }
  378. return x; // Otherwis pass on the byte.
  379. }
  380. // ReadOut() retrieves the stored data through the state engine.
  381. unsigned char FilterChainDefunker::ReadOut() { // Read out and dedup spaces.
  382. if(LastReadOut == ' ') { // If the last byte was a space
  383. while(LastReadOut == ' ') { // then eat all of the spaces
  384. LastReadOut = SpaceConvChart[GetInternal()]; // that come next with spaces
  385. } // converted.
  386. } else { // If it was not a space then
  387. LastReadOut = SpaceConvChart[GetInternal()]; // simply read the next byte
  388. } // with spaces converted.
  389. return LastReadOut; // Output the byte we found.
  390. }
  391. // GetStore() retrieves the raw store for the state engine.
  392. unsigned char FilterChainDefunker::GetStore() { // Read from the Store.
  393. if(OutputPosition >= InputPosition) {
  394. throw Empty("FilterChainDefunker: No more data"); // If we're out of bytes throw Empty.
  395. }
  396. return LastGetStore = StoreBuffer[OutputPosition++]; // If we have more, trap and send it.
  397. }
  398. //// The following functions make up the state engine with the state maintained
  399. //// as a function pointer in the (*Internal)() handle.
  400. unsigned char FilterChainDefunker::Preamble() { // Emit the preamble.
  401. for(
  402. int p=0; // Load the preamble into
  403. DefunkerPreamble[p]; // the queue.
  404. p++) EnQueue(DefunkerPreamble[p]);
  405. Internal = &FilterChainDefunker::DeQueue; // Set up the DeQueue mode
  406. return GetInternal(); // and return the next byte.
  407. }
  408. unsigned char FilterChainDefunker::DefunkRoot() { // While in DefunkRoot state...
  409. unsigned char x = 0; // One byte at a time via x.
  410. do { // Loop through any emptiness.
  411. ReturnNothing = false; // Be ready to return a byte.
  412. x = GetStore(); // Grab the next byte to process.
  413. if(x == '<') { // If it matches < then
  414. Internal = &FilterChainDefunker::OpenTag; // go to OpenTag state and
  415. x = GetInternal(); // return the converted byte.
  416. } else
  417. if(x == '&') { // If it matches & then
  418. Internal = &FilterChainDefunker::OpenAmp; // go to OpenAnd state and
  419. EnQueue(x); // push in the amphersand.
  420. x = GetInternal(); // return the converted byte.
  421. }
  422. // If x is none of the above then x is just x.
  423. } while (true == ReturnNothing); // Returning nothing? Go again!
  424. return x; // otherwise return a funkless x.
  425. }
  426. unsigned char FilterChainDefunker::OpenTag() { // While in OpenTag state
  427. unsigned char x = GetStore(); // grab the next byte.
  428. switch(tolower(x)) { // Check the lower case of x.
  429. case 'b': // If we have a 'b' then
  430. Internal = &FilterChainDefunker::MatchBR; // our mode is MatchBR.
  431. break;
  432. case 'p': // If we have a 'p' then
  433. Internal = &FilterChainDefunker::MatchP; // our mode is MatchP.
  434. break;
  435. default: // If we did not match then
  436. Internal = &FilterChainDefunker::EatTag; // our mode is EatTag.
  437. break;
  438. }
  439. return GetInternal(); // Return the next byte.
  440. }
  441. unsigned char FilterChainDefunker::OpenAmp() { // While in OpenAmp state
  442. unsigned char x = GetStore(); // grab the next byte.
  443. if(tolower(x) == 'n') { // If it matched n then
  444. EnQueue(x); // push in the n -
  445. Internal = &FilterChainDefunker::MatchNBSP; // we are working on &nbsp;
  446. return GetInternal(); // return the next byte.
  447. } else
  448. if(tolower(x) == 'a') { // If it matched a then
  449. EnQueue(x); // push in the a -
  450. Internal = &FilterChainDefunker::SwitchAMPAPOS; // is it AMP or APOS?
  451. return GetInternal(); // return the next byte.
  452. } else
  453. if(tolower(x) == 'l') { // If it matched l then
  454. EnQueue(x); // push in the l -
  455. Internal = &FilterChainDefunker::MatchLT; // we are working on &lt;
  456. return GetInternal(); // return the next byte.
  457. } else
  458. if(tolower(x) == 'g') { // If it matched g then
  459. EnQueue(x); // push in the g -
  460. Internal = &FilterChainDefunker::MatchGT; // we are working on &gt;
  461. return GetInternal(); // return the next byte.
  462. } else
  463. if(tolower(x) == 'q') { // If it matched q then
  464. EnQueue(x); // push in the q -
  465. Internal = &FilterChainDefunker::MatchQUOT; // we are working on &quot;
  466. return GetInternal(); // return the next byte.
  467. } else
  468. if(x == '#') { // If it matched # then
  469. EnQueue(x); // push in the # -
  470. Internal = &FilterChainDefunker::DecodeNum; // we are working on &#...;
  471. return GetInternal(); // return the next byte.
  472. }
  473. Internal = &FilterChainDefunker::DeQueue; // If nothing matched then
  474. return GetInternal(); // punt and dequeue.
  475. }
  476. unsigned char FilterChainDefunker::MatchBR() { // If our mode is MatchBR
  477. if(MatchTagPattern(patMatchBR)) { // If we matched our pattern
  478. Internal = &FilterChainDefunker::DefunkRoot; // go to DefunkRoot state
  479. return ' '; // and return a space.
  480. } // If we did not match then
  481. Internal = &FilterChainDefunker::EatTag; // go to EatTag state and
  482. return GetInternal(); // return the next byte.
  483. }
  484. unsigned char FilterChainDefunker::MatchP() { // If our mode is MatchP
  485. if(MatchTagPattern(patMatchP)) { // if we matched our pattern
  486. Internal = &FilterChainDefunker::DefunkRoot; // go to DefunkRoot state
  487. return ' '; // and return a space.
  488. } // If we did not match then
  489. Internal = &FilterChainDefunker::EatTag; // go to EatTag state and
  490. return GetInternal(); // return the next byte.
  491. }
  492. unsigned char FilterChainDefunker::MatchNBSP() { // If our mode is MatchNBSP
  493. int pos = 2; // We've seen &n so far.
  494. while(patNBSP[pos]){ // Look through the pattern
  495. unsigned char x = GetStore(); // getting one byte at a time.
  496. EnQueue(x); // Push each into the queue.
  497. if(tolower(x)!=patNBSP[pos]) break; // If we fall off, get out.
  498. pos++; // otherwise keep going.
  499. }
  500. // At this point our pattern[pos] is either 0 (a match) or not.
  501. if(patNBSP[pos]) { // If we did not match then
  502. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  503. return GetInternal(); // and return the next byte.
  504. }
  505. // If we did match the pattern
  506. ClearQueue(); // then clear the queue and
  507. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  508. return ' '; // return a space.
  509. }
  510. unsigned char FilterChainDefunker::MatchLT() { // If our mode is MatchLT
  511. int pos = 2; // We've seen &l so far.
  512. while(patLT[pos]){ // Look through the pattern
  513. unsigned char x = GetStore(); // getting one byte at a time.
  514. EnQueue(x); // Push each into the queue.
  515. if(tolower(x)!=patLT[pos]) break; // If we fall off, get out.
  516. pos++; // otherwise keep going.
  517. }
  518. // At this point our pattern[pos] is either 0 (a match) or not.
  519. if(patLT[pos]) { // If we did not match then
  520. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  521. return GetInternal(); // and return the next byte.
  522. }
  523. // If we did match the pattern
  524. ClearQueue(); // then clear the queue and
  525. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  526. return '<'; // return a <.
  527. }
  528. unsigned char FilterChainDefunker::MatchGT() { // If our mode is MatchGT
  529. int pos = 2; // We've seen &g so far.
  530. while(patGT[pos]){ // Look through the pattern
  531. unsigned char x = GetStore(); // getting one byte at a time.
  532. EnQueue(x); // Push each into the queue.
  533. if(tolower(x)!=patGT[pos]) break; // If we fall off, get out.
  534. pos++; // otherwise keep going.
  535. }
  536. // At this point our pattern[pos] is either 0 (a match) or not.
  537. if(patGT[pos]) { // If we did not match then
  538. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  539. return GetInternal(); // and return the next byte.
  540. }
  541. // If we did match the pattern
  542. ClearQueue(); // then clear the queue and
  543. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  544. return '>'; // return a >.
  545. }
  546. unsigned char FilterChainDefunker::MatchQUOT() { // If our mode is MatchQUOT
  547. int pos = 2; // We've seen &q so far.
  548. while(patQUOT[pos]){ // Look through the pattern
  549. unsigned char x = GetStore(); // getting one byte at a time.
  550. EnQueue(x); // Push each into the queue.
  551. if(tolower(x)!=patQUOT[pos]) break; // If we fall off, get out.
  552. pos++; // otherwise keep going.
  553. }
  554. // At this point our pattern[pos] is either 0 (a match) or not.
  555. if(patQUOT[pos]) { // If we did not match then
  556. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  557. return GetInternal(); // and return the next byte.
  558. }
  559. // If we did match the pattern
  560. ClearQueue(); // then clear the queue and
  561. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  562. return '\"'; // return a quote.
  563. }
  564. unsigned char FilterChainDefunker::SwitchAMPAPOS() { // We are chosing AMP or APOS.
  565. unsigned char x = GetStore(); // Get the next byte.
  566. EnQueue(x); // Put it into the queue.
  567. if(tolower(x)=='m') { // If we matched m then we
  568. Internal = &FilterChainDefunker::MatchAMP; // are working on MatchAMP.
  569. return GetInternal(); // Go get it.
  570. } else
  571. if(tolower(x)=='p') { // If we matched p then we
  572. Internal = &FilterChainDefunker::MatchAPOS; // are working on MatchAPOS.
  573. return GetInternal(); // Go get it.
  574. }
  575. Internal = &FilterChainDefunker::DeQueue; // If we didn't match either
  576. return GetInternal(); // we punt and DeQueue.
  577. }
  578. unsigned char FilterChainDefunker::MatchAPOS() { // If our mode is MatchAPOS
  579. int pos = 3; // We've seen &ap so far.
  580. while(patAPOS[pos]){ // Look through the pattern
  581. unsigned char x = GetStore(); // getting one byte at a time.
  582. EnQueue(x); // Push each into the queue.
  583. if(tolower(x)!=patAPOS[pos]) break; // If we fall off, get out.
  584. pos++; // otherwise keep going.
  585. }
  586. // At this point our pattern[pos] is either 0 (a match) or not.
  587. if(patAMP[pos]) { // If we did not match then
  588. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  589. return GetInternal(); // and return the next byte.
  590. }
  591. // If we did match the pattern
  592. ClearQueue(); // then clear the queue and
  593. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  594. return '\''; // return an apostrophie.
  595. }
  596. unsigned char FilterChainDefunker::MatchAMP() { // If our mode is MatchAMP
  597. int pos = 3; // We've seen &am so far.
  598. while(patAMP[pos]){ // Look through the pattern
  599. unsigned char x = GetStore(); // getting one byte at a time.
  600. EnQueue(x); // Push each into the queue.
  601. if(tolower(x)!=patAMP[pos]) break; // If we fall off, get out.
  602. pos++; // otherwise keep going.
  603. }
  604. // At this point our pattern[pos] is either 0 (a match) or not.
  605. if(patAMP[pos]) { // If we did not match then
  606. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  607. return GetInternal(); // and return the next byte.
  608. }
  609. // If we did match the pattern
  610. ClearQueue(); // then clear the queue and
  611. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  612. return '&'; // return an amphersand.
  613. }
  614. unsigned char FilterChainDefunker::EatTag() { // If our mode is EatTag
  615. if(LastGetStore != '>') { // and our last byte was not
  616. while(GetStore()!='>')continue; // endtag then eat through
  617. } // the end tag. Then set our
  618. ReturnNothing = true; // ReturnNothing flag, set our
  619. Internal = &FilterChainDefunker::DefunkRoot; // mode to DefunkRoot and
  620. return 0; // return 0 (nothing, really).
  621. }
  622. unsigned char FilterChainDefunker::DecodeNum() { // If our mode is DecodeNum
  623. unsigned char NumBfr[5]; // A buffer for digits.
  624. memset(NumBfr,0,sizeof(NumBfr)); // Clear the buffer.
  625. for( // Let's read the number...
  626. unsigned int i=0; // NumBfr position = 0;
  627. i<(sizeof(NumBfr)-1) && // Stay well within the NunBfr.
  628. (EnQueue(NumBfr[i]=GetStore()), // Read and EnQueue each byte.
  629. isdigit(NumBfr[i])); // Keep going if it's a digit.
  630. i++)continue; // Move the buffer pointer.
  631. // Check for a proper finish...
  632. if(LastGetStore != ';') { // If we didn't end properly
  633. Internal = &FilterChainDefunker::DeQueue; // then we will punt and
  634. return GetInternal(); // DeQueue.
  635. }
  636. // At this point, NumBfr contains a c_str of the number to be decoded.
  637. // Also, the Qbfr has each byte we read in case we want to punt.
  638. int Decoded = atol((const char*)NumBfr); // Read the number.
  639. if(Decoded < 32 || Decoded > 255) { // If the number we read is
  640. Internal = &FilterChainDefunker::DeQueue; // out of range then we
  641. return GetInternal(); // punt and DeQueue.
  642. }
  643. // If we decoded a character
  644. ClearQueue(); // that is in range of normal
  645. Internal = &FilterChainDefunker::DefunkRoot; // ascii then clear the queue,
  646. return (unsigned char) Decoded; // go back to DefunkRoot, and
  647. } // return the decoded byte.
  648. /////////////////////////////////////////////////////////////////////////////////////////
  649. // FilterChainUrlDecode
  650. /////////////////////////////////////////////////////////////////////////////////////////
  651. unsigned char FilterChainUrlDecode::Bypass() { // In Bypass mode...
  652. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  653. if(c == '<') { // If it was '<' we begin.
  654. Internal = &FilterChainUrlDecode::Tag; // Go to Tag mode.
  655. AddToBfr(c); // Write the byte to our buffer.
  656. }
  657. return c; // Always return the byte.
  658. }
  659. unsigned char FilterChainUrlDecode::Tag() { // In Tag mode...
  660. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  661. if(tolower(c) == 'a') { // If we're in an anchor tag
  662. Internal = &FilterChainUrlDecode::Root; // Go to Decode Root mode.
  663. AddToBfr(c); // Write the byte to our buffer.
  664. } else
  665. if(tolower(c) == 'i') { // If we might be in an img tag
  666. Internal = &FilterChainUrlDecode::Img1; // Go to Img1 mode.
  667. AddToBfr(c); // Write the byte to our buffer.
  668. } else { // If we didn't match
  669. DecodeBfr[0] = 0; // we clear out the Decode
  670. DecodeBfr[1] = 0; // buffer. (Save some bytes by
  671. DecodeLength = 0; // doing it manually) Then we
  672. Internal = &FilterChainUrlDecode::Bypass; // Go to Bypass mode again.
  673. }
  674. return c; // Always return the byte.
  675. }
  676. unsigned char FilterChainUrlDecode::Img1() { // In Img1 mode...
  677. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  678. if(tolower(c)=='m') { // If we're still in an img tag
  679. Internal = &FilterChainUrlDecode::Img2; // Go to Img2 mode.
  680. AddToBfr(c); // Write the byte to our buffer.
  681. } else { // If we didn't match
  682. DecodeBfr[0] = 0; // we clear out the Decode
  683. DecodeBfr[1] = 0; // buffer and go back to
  684. DecodeBfr[2] = 0; // Bypass mode again.
  685. DecodeLength = 0;
  686. Internal = &FilterChainUrlDecode::Bypass;
  687. }
  688. return c; // Always return the byte.
  689. }
  690. unsigned char FilterChainUrlDecode::Img2() { // In Img2 mode...
  691. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  692. if(tolower(c)=='g') { // If we're still in an img tag
  693. Internal = &FilterChainUrlDecode::Root; // Go to Decode Root mode.
  694. AddToBfr(c); // Write the byte to our buffer.
  695. } else { // If we didn't match
  696. DecodeBfr[0] = 0; // we clear out the Decode
  697. DecodeBfr[1] = 0; // buffer and go back to
  698. DecodeBfr[2] = 0; // Bypass mode again.
  699. DecodeBfr[3] = 0;
  700. DecodeLength = 0;
  701. Internal = &FilterChainUrlDecode::Bypass;
  702. }
  703. return c; // Always return the byte.
  704. }
  705. unsigned char FilterChainUrlDecode::Root() { // While in Decode Root mode...
  706. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  707. AddToBfr(c); // Push it into the buffer.
  708. // Now we will switch modes based on the byte we get.
  709. if(c == '%') { // If we have '%' then it is
  710. Internal = &FilterChainUrlDecode::GetD1; // time to start decoding.
  711. } else
  712. if(c == '>') { // If we have '>' and
  713. if(DecodeFlag) { // we did some decoding then
  714. Internal = &FilterChainUrlDecode::Inject; // it is time to inject the result.
  715. } else { // If there was no decoding then
  716. Clear(); // we clear out our buffer and
  717. Internal = &FilterChainUrlDecode::Bypass; // it is time to go to sleep.
  718. }
  719. }
  720. // This next bit protects against malformed HTML by watching for any new tag
  721. // start. If one occurs, then we throw away our current decoding and assume a state
  722. // that starts with the new open "<".
  723. if(c == '<') { // If found a new < then we
  724. Clear(); // clear the buffer,
  725. AddToBfr(c); // Add the '<' back in, and
  726. Internal = &FilterChainUrlDecode::Tag; // go back to Tag mode.
  727. }
  728. return c; // Always return the byte.
  729. }
  730. unsigned char FilterChainUrlDecode::GetD1() { // Get the first digit.
  731. unsigned char c = FilterChain::GetByte(); // Read the raw byte.
  732. AddToBfr(c); // Add it to the buffer.
  733. Internal = &FilterChainUrlDecode::GetD2; // Move to GetD2 mode.
  734. return c; // Always return the byte.
  735. }
  736. // isHexDigit()
  737. // Returns true if i is a valid hex digit.
  738. bool FilterChainUrlDecode::isHexDigit(unsigned char i) {
  739. if(
  740. (i >= '0' && i <= '9') || // Hex digits must be 0-9 or
  741. (i >= 'A' && i <= 'F') || // A-F or
  742. (i >= 'a' && i <= 'f') // a-f if somebody used lower case.
  743. ) {
  744. return true; // If i is one of these we are true
  745. } else {
  746. return false; // IF i is not then we are false
  747. }
  748. }
  749. // convertHexDigit()
  750. // Returns an integer value for the hex digit i
  751. int FilterChainUrlDecode::convertHexDigit(unsigned char i) {
  752. if(i >= '0' && i <= '9') { // Digit chars convert directly.
  753. return i - '0';
  754. } else if (i >= 'A' && i <= 'F') { // Cap A-F convert to 10 - 15
  755. return i - 'A' + 10;
  756. } else if (i >= 'a' && i <= 'f') { // Small A-F convert to 10 - 15
  757. return i - 'a' + 10;
  758. }
  759. return -1; // Return -1 if i was not a hex digit!
  760. }
  761. // convertHexByte()
  762. // Returns an integer value for a hex string representing a byte.
  763. unsigned char FilterChainUrlDecode::convertHexByte(unsigned char* x) {
  764. unsigned char working = convertHexDigit(x[1]); // Convert the low order nybl.
  765. working = working + (16 * convertHexDigit(x[0])); // Convert the high order nybl.
  766. return working; // Return the result.
  767. }
  768. unsigned char FilterChainUrlDecode::GetD2() { // Get the second digit.
  769. unsigned char c = FilterChain::GetByte(); // Read the raw byte.
  770. AddToBfr(c); // Add it to the buffer.
  771. // At this point the end of our DecodeBfr has a c_str of a small hex integer (we hope)
  772. // that we can decode. If we successfully decode it then we will replace %xx in our
  773. // DecodeBfr with the character that is represented by that byte.
  774. // Do we really have an encoded byte to decode?
  775. int codepos = DecodeLength-3; // Grab the position of the hex.
  776. if(
  777. DecodeBfr[codepos]=='%' && // If the first char is %
  778. isHexDigit(DecodeBfr[codepos+1]) && // and the second is a hex digit
  779. isHexDigit(DecodeBfr[codepos+2]) // and the third is a hex digit
  780. ){ // then we can decode the string.
  781. unsigned char q = convertHexByte(DecodeBfr+codepos+1); // Decode the byte.
  782. if(q >= 32) { // If the byte is in range then
  783. DecodeBfr[codepos] = q; // Replace the % with the byte
  784. DecodeBfr[--DecodeLength] = 0; // backup over and erase the hex
  785. DecodeBfr[--DecodeLength] = 0; // digits themselves.
  786. DecodeFlag = true; // Set the decode flag.
  787. }
  788. // If we decided the byte was not decodable for some reason then the original data
  789. // remains in the buffer as it was originally read.
  790. }
  791. Internal = &FilterChainUrlDecode::Root; // Get ready to decode more.
  792. return c; // Always return the byte.
  793. }
  794. unsigned char FilterChainUrlDecode::Inject() { // Inject the decoded result.
  795. if(
  796. DecodeBfr[DecodePosition] && // If we've got more bytes
  797. DecodePosition < sizeof(DecodeBfr)) { // and we're safely in our buffer
  798. return DecodeBfr[DecodePosition++]; // then return the byte and move
  799. } // ahead.
  800. // Once the buffer is empty we
  801. Clear(); // clear out the system, and go
  802. Internal = &FilterChainUrlDecode::Bypass; // back to bypass mode. Then
  803. return GetByte(); // return the next bypassed byte.
  804. }
  805. ////////////////////////////////////////////////////////////////////////////////
  806. // FilterChainHeaderAnalysis
  807. ////////////////////////////////////////////////////////////////////////////////
  808. int FilterChainHeaderAnalysis::FollowPattern(char c) { // Follow the pattern.
  809. c = tolower(c); // Convert c to lower case.
  810. if(c != MatchPattern[MatchIndex]) { // If c doesn't match the pattern
  811. return -1; // then return -1 indicating we fell off.
  812. } else { // If it did match the pattern then
  813. MatchIndex++; // move ahead to the next byte and
  814. if(0 == MatchPattern[MatchIndex]) { // take a look. If that's all there was
  815. return 0; // then we've finished :-)
  816. }
  817. } // If we matched and there's more to do
  818. return 1; // then we return 1.
  819. }
  820. unsigned char FilterChainHeaderAnalysis::doSeekNL() { // Looking for a new line.
  821. unsigned char c = GetCheckedByte(); // Get the next byte (and check for high bits)
  822. if('\n' == c) { // If it was a new line then
  823. Mode = &FilterChainHeaderAnalysis::doSeekDispatch; // move on to the next mode
  824. } // for the next byte and
  825. return c; // return the byte we got.
  826. }
  827. unsigned char FilterChainHeaderAnalysis::doSeekDispatch() { // Looking at the first char after NL.
  828. unsigned char c = GetCheckedByte(); // Get the next byte (and check for high bits)
  829. switch(tolower(c)) { // Switch modes based on what this byte is.
  830. case '\n': { // If it is a New Line then the headers are
  831. Mode = &FilterChainHeaderAnalysis::doEndOfHeaders; // finished - so we set up our EndOfHeaders
  832. return GetByte(); // mode and return the next byte from there.
  833. break; // The extra NL will be emitted at the end.
  834. }
  835. case 'r': { // If it is an R as in (R)eceived:
  836. SetFollowPattern("eceived:"); // establish the follow pattern and
  837. Mode = &FilterChainHeaderAnalysis::doReceived; // switch to doReceived mode.
  838. break;
  839. }
  840. case 'f': { // If it is an F as in (F)rom:
  841. SetFollowPattern("rom:"); // establish the follow pattern and
  842. Mode = &FilterChainHeaderAnalysis::doFrom; // switch to doFrom mode.
  843. break;
  844. }
  845. case 't': { // If it is an T as in (T)o:
  846. SetFollowPattern("o:"); // establish the follow pattern and
  847. Mode = &FilterChainHeaderAnalysis::doTo; // switch to doTo mode.
  848. break;
  849. }
  850. case 'c': { // If it is a C as in (C)C:
  851. SetFollowPattern("c:"); // establish the follow pattern and
  852. Mode = &FilterChainHeaderAnalysis::doCC; // switch to doCC mode.
  853. break;
  854. }
  855. case 'm': { // If it is an M as in (M)essage-id:
  856. SetFollowPattern("essage-id:"); // establish the follow pattern and
  857. Mode = &FilterChainHeaderAnalysis::doMessageID; // switch to doMessageID mode.
  858. break;
  859. }
  860. case 'd': { // If it is a D as in (D)ate:
  861. SetFollowPattern("ate:"); // establish the follow pattern and
  862. Mode = &FilterChainHeaderAnalysis::doDate; // switch to doDate mode.
  863. break;
  864. }
  865. case 's': { // If it is an S as in (S)ubject:
  866. SetFollowPattern("ubject:"); // establish the follow pattern and
  867. Mode = &FilterChainHeaderAnalysis::doSubject; // switch to doSubject mode.
  868. break;
  869. }
  870. default: { // If we don't recognize the byte then
  871. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for a new line.
  872. break;
  873. }
  874. } // Once all of our mode switching is handled
  875. return c; // we return the byte we got.
  876. }
  877. unsigned char FilterChainHeaderAnalysis::doReceived() { // Identifying a Received: header.
  878. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  879. switch(FollowPattern(c)) { // See if we're still on the path.
  880. case -1: { // If we're not on the right tag then
  881. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  882. break;
  883. }
  884. case 0: { // If we've found the end of our tag (match!)
  885. Mode = &FilterChainHeaderAnalysis::doFindIP; // start looking for the IP.
  886. IPToTest = ""; // Clear the IPToTest buffer.
  887. break;
  888. }
  889. default: { // If we're still following along then
  890. break; // keep on keepin' on.
  891. }
  892. } // Once we know what we're doing we
  893. return c; // return the character we got.
  894. }
  895. unsigned char FilterChainHeaderAnalysis::doFindIP() { // Seeking the [IP] in a Received header.
  896. unsigned char c = GetCheckedByte(); // Get a checked byte.
  897. switch(c) {
  898. case '[': { // If we find the [ then
  899. Mode = &FilterChainHeaderAnalysis::doTestIP; // set up to grab and test the IP.
  900. break;
  901. }
  902. case '\n': { // If we come across a newline then
  903. Mode = &FilterChainHeaderAnalysis::doSeekNL; // we must be lost so go back to basics.
  904. break;
  905. }
  906. default: { // For anything else we keep on going.
  907. break;
  908. }
  909. }
  910. return c; // Return the byte.
  911. }
  912. //// 20070614 _M Improved IP exctaction from received headers so that if the
  913. //// apparent IP contains any unusual bytes (not digits or dots) then the
  914. //// attempt is abandoned.
  915. unsigned char FilterChainHeaderAnalysis::doTestIP() { // Gets and tests the [IP].
  916. unsigned char c = FilterChain::GetByte(); // Get the next byte.
  917. switch(c) {
  918. case ']': { // If we come to ] we've got it!
  919. IPTester.test(IPToTest, IPTestResult); // Do the test with this IP.
  920. if(0 == IPTestResult.length()) { // If the IP test wants us to truncate
  921. throw Empty("FilterChainHeaderAnalysis: Truncate"); // the message then throw Empty!
  922. } // Otherwise, proceed as per normal...
  923. SetOutputBuffer(IPTestResult); // Put the result in the output buffer.
  924. Mode = &FilterChainHeaderAnalysis::doInjectIPTestResult; // Set the mode to inject the result.
  925. break; // That will start on the next byte.
  926. }
  927. case '0': // IPs are made of digits and dots.
  928. case '1':
  929. case '2':
  930. case '3':
  931. case '4':
  932. case '5':
  933. case '6':
  934. case '7':
  935. case '8':
  936. case '9':
  937. case '.': { // Capture the IP between [ and ]
  938. IPToTest += c; // one byte at a time.
  939. break;
  940. }
  941. default: { // If we find anything else we must be
  942. Mode = &FilterChainHeaderAnalysis::doSeekNL; // lost so we go back to the basics.
  943. break;
  944. }
  945. }
  946. return c;
  947. }
  948. unsigned char FilterChainHeaderAnalysis::doFrom() { // Identifying a From: header.
  949. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  950. switch(FollowPattern(c)) { // See if we're still on the path.
  951. case -1: { // If we're not on the right tag then
  952. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  953. break;
  954. }
  955. case 0: { // If we've found the end of our tag (match!)
  956. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  957. FoundFrom = true; // record that this tag was present.
  958. break;
  959. }
  960. default: { // If we're still following along then
  961. break; // keep on keepin' on.
  962. }
  963. } // Once we know what we're doing we
  964. return c; // return the character we got.
  965. }
  966. unsigned char FilterChainHeaderAnalysis::doTo() { // Identifying a To: header.
  967. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  968. switch(FollowPattern(c)) { // See if we're still on the path.
  969. case -1: { // If we're not on the right tag then
  970. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  971. break;
  972. }
  973. case 0: { // If we've found the end of our tag (match!)
  974. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  975. FoundTo = true; // record that this tag was present.
  976. break;
  977. }
  978. default: { // If we're still following along then
  979. break; // keep on keepin' on.
  980. }
  981. } // Once we know what we're doing we
  982. return c; // return the character we got.
  983. }
  984. unsigned char FilterChainHeaderAnalysis::doCC() { // Identifying a CC: header.
  985. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  986. switch(FollowPattern(c)) { // See if we're still on the path.
  987. case -1: { // If we're not on the right tag then
  988. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  989. break;
  990. }
  991. case 0: { // If we've found the end of our tag (match!)
  992. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  993. FoundCC = true; // record that this tag was present.
  994. break;
  995. }
  996. default: { // If we're still following along then
  997. break; // keep on keepin' on.
  998. }
  999. } // Once we know what we're doing we
  1000. return c; // return the character we got.
  1001. }
  1002. unsigned char FilterChainHeaderAnalysis::doMessageID() { // Identifying a MessageID header.
  1003. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  1004. switch(FollowPattern(c)) { // See if we're still on the path.
  1005. case -1: { // If we're not on the right tag then
  1006. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  1007. break;
  1008. }
  1009. case 0: { // If we've found the end of our tag (match!)
  1010. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  1011. FoundMessageID = true; // record that this tag was present.
  1012. break;
  1013. }
  1014. default: { // If we're still following along then
  1015. break; // keep on keepin' on.
  1016. }
  1017. } // Once we know what we're doing we
  1018. return c; // return the character we got.
  1019. }
  1020. unsigned char FilterChainHeaderAnalysis::doDate() { // Identifying a Date: header.
  1021. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  1022. switch(FollowPattern(c)) { // See if we're still on the path.
  1023. case -1: { // If we're not on the right tag then
  1024. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  1025. break;
  1026. }
  1027. case 0: { // If we've found the end of our tag (match!)
  1028. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  1029. FoundDate = true; // record that this tag was present.
  1030. break;
  1031. }
  1032. default: { // If we're still following along then
  1033. break; // keep on keepin' on.
  1034. }
  1035. } // Once we know what we're doing we
  1036. return c; // return the character we got.
  1037. }
  1038. unsigned char FilterChainHeaderAnalysis::doSubject() { // Identifying a Subject: header.
  1039. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  1040. switch(FollowPattern(c)) { // See if we're still on the path.
  1041. case -1: { // If we're not on the right tag then
  1042. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  1043. break;
  1044. }
  1045. case 0: { // If we've found the end of our tag (match!)
  1046. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  1047. FoundSubject = true; // record that this tag was present.
  1048. break;
  1049. }
  1050. default: { // If we're still following along then
  1051. break; // keep on keepin' on.
  1052. }
  1053. } // Once we know what we're doing we
  1054. return c; // return the character we got.
  1055. }
  1056. unsigned char FilterChainHeaderAnalysis::doEndOfHeaders() { // IdentifyEndOfHeaders & Emit Results.
  1057. // We know we've reached the end of the headers so now
  1058. // we have to formulate the results we want to inject and
  1059. // er... inject them.
  1060. EndOfHeaderResults = "X-SNFHDR: "; // Emit an X header (internal only)
  1061. if(MissingCC()) { EndOfHeaderResults.append("-CC "); } // Emit -CC if no CC header.
  1062. if(MissingTo()) { EndOfHeaderResults.append("-TO "); } // Emit -TO if no TO header (together no to)
  1063. if(MissingFrom()) { EndOfHeaderResults.append("-FROM "); } // Emit -FROM if no FROM header.
  1064. if(MissingDate()) { EndOfHeaderResults.append("-DATE "); } // Emit -DATE if no DATE header.
  1065. if(MissingMessageID()) { EndOfHeaderResults.append("-MESSAGEID "); } // Emit -MESSAGEID if no MESSAGE-ID header.
  1066. if(MissingSubject()) { EndOfHeaderResults.append("-SUBJECT "); } // Emit -SUBJECT if no SUBJECT header.
  1067. if(HighBitCharacters()) { EndOfHeaderResults.append("+HIGHBIT"); } // Emit +HIGHBIT if non-ascii chars present.
  1068. EndOfHeaderResults.append("\n\n"); // Emit the double newline - end of headers.
  1069. SetOutputBuffer(EndOfHeaderResults); // Setup the output string.
  1070. Mode = &FilterChainHeaderAnalysis::doInjectAnalysis; // Switch to the output injection mode.
  1071. return GetByte(); // Return the first byte from there :-)
  1072. }
  1073. void FilterChainHeaderAnalysis::SetOutputBuffer(std::string& s) { // Setup the OutputBuffer.
  1074. OutputBuffer = (char*) s.c_str(); OutputIndex = 0; // Capture the c_str and reset the index.
  1075. }
  1076. unsigned char FilterChainHeaderAnalysis::doInjectIPTestResult() { // Inject OutputBuffer and go to doSeekNL.
  1077. unsigned char c = OutputBuffer[OutputIndex++]; // Get the next byte in the output buffer.
  1078. if(0 == c) { // If it is the null terminator then we
  1079. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to seeking lines and return that
  1080. return GetByte(); // byte instead.
  1081. } // If we have a normal byte then we
  1082. return c; // return it.
  1083. }
  1084. unsigned char FilterChainHeaderAnalysis::doInjectAnalysis() { // Inject OutputBuffer and go to doOff.
  1085. unsigned char c = OutputBuffer[OutputIndex++]; // Get the next byte in the output buffer.
  1086. if(0 == c) { // If it is the null terminator then we
  1087. Mode = &FilterChainHeaderAnalysis::doOff; // go back to seeking lines and return that
  1088. return GetByte(); // byte instead.
  1089. } // If we have a normal byte then we
  1090. return c; // return it.
  1091. }