You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

FilterChain.cpp 71KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286
  1. // FilterChain.cpp
  2. //
  3. // (C) 2002-2009 MicroNeil Research Corporation
  4. //
  5. // Main code file for module FilterChain.
  6. // 20041116 _M Added UrlDecode module. The module will repeat a decoded version of
  7. // any anchor tag that it sees which contains decodable %xx bytes. Other anchor
  8. // tags are not repeated.
  9. // 20041116 _M Upgrades to the Defunker module. The module now decodes any HTML
  10. // encoded bytes that could have been normal ascii.
  11. // 20041114 _M Completed basic defunker engine which strips out all HTML and some
  12. // basic   encoding.
  13. // 20041113 _M Began heavy upgrades to this module to improve performance and
  14. // provide additional obfuscation removal. This modification will include a move
  15. // from the use of switch(State) mechanisms to the use of function pointers. This
  16. // should save a few cycles on every byte processed.
  17. #include "FilterChain.hpp"
  18. // FilterChainBase64 Methods.
  19. // GetByte()
  20. // Returns the next byte from this filter module.
  21. unsigned char FilterChainBase64::GetByte() {
  22. switch(State) { // What are we doing?
  23. case SCANNING:{ // We're scanning to turn on...
  24. // In this mode we are hunting for a reason to turn
  25. // ourselves on. If we find our startup sequence then
  26. // we will go into decoding mode. Until then, we try
  27. // to match each incoming character with our startup
  28. // sequence.
  29. while(true) { // Search for our startup string or get out.
  30. try { // Try this...
  31. x=FilterChain::GetByte(); // Get the next byte from source.
  32. } // If we get the empty signal
  33. // here, we've failed to match.
  34. catch(Empty) { // If so - and we haven't
  35. if(0==ScanIx) throw Empty("FilterChainBase64: No more data"); // started then just throw Empty.
  36. x=Base64Start[ScanIx]-1; // If we did start then make
  37. } // sure we won't match below.
  38. // It's important that no empty's get beyond this point unless
  39. // we've got a match started. Otherwise we'll return corruption.
  40. if(x!=Base64Start[ScanIx]){ // If the byte doesnt match,
  41. // and we've started matching
  42. if(0!=ScanIx) { // the sequence then save the
  43. Buffer=x; // byte for later, change to
  44. State=DEQUEING;DequeIx=0; // DEQUING mode, and return
  45. return GetByte(); // the first Dequeued byte.
  46. }
  47. // If there's no match
  48. else return x; // started then shortcut that:
  49. } // just send back the byte.
  50. // We've handled non matches, now time for the good stuff...
  51. else { // This byte matches :-)
  52. ScanIx++; // Move forward!
  53. if(ScanIx>=sizeof(Base64Start)-1){ // If we've matched it all
  54. // then prep for decoding.
  55. // At this point we've got our trigger - but we need to
  56. // eat up any extra junk before we start decoding. What
  57. // we're looking for is a blank line (CRLFCRLF) within
  58. // the next couple of lines. While we're at this if we
  59. // get an exception we'll just pass it through.
  60. ScanIx=DequeIx=0; // Let's reset our indexes.
  61. // We're SCANNING now - so if we fail to get to good base64
  62. // stuff then we'll be starting from scratch - and that's ok.
  63. // Here we will allow some number of additional header lines
  64. // to occur before we give up on this being a base64 segment.
  65. // If we give up then we go back to scanning agian.
  66. // 20030114 _M Increased limit to 150 - lots of X- headers cause
  67. // the engine to stop decoding base64!! 30 was too small.
  68. const int LineLimit = 150; // We'll allow this many.
  69. for(int LineCount=0; LineCount<LineLimit; LineCount++) {
  70. do{ // Eat up characters through
  71. x=FilterChain::GetByte(); // the end of the line.
  72. } while(x!='\n');
  73. x=FilterChain::GetByte(); // Get the next byte.
  74. if(x=='\n'){ // Next line is blank?
  75. State=DECODING; // Then get ready to DECODE!
  76. break; // NO MORE LOOPING!
  77. }
  78. // If the line is not blank then we'll go around again up
  79. // to the number of lines we allow. Then we're done trying
  80. // and we will fall through.
  81. }
  82. // At this point we are either ready to decode base64 data
  83. // or we're still in SCANNING mode because of too much junk.
  84. if(DECODING==State) { // If we're ready to decode
  85. Workspace = 0x0000000a; // then set up a pair of
  86. DequeIx=3; // <LF> lines so they will
  87. ScanIx=2; // be the first bytes decoded.
  88. } // Here we pump <LF> into the
  89. // workspace. Then we return one <LF>
  90. return x; // (usually).
  91. // The deal is, if we're decoding then we will pump in LF and
  92. // return what must be the last LF. If we're not decoding then we
  93. // end up returning the last byte we read before giving up which should
  94. // be the first byte of the next line.
  95. }
  96. }
  97. }
  98. // The above will be tried repeatedly in the first call to
  99. // this object's GetByte() until we either return a byte or
  100. // throw an exception. The result is that once we start to match
  101. // our startup sequence we will either match all of it or we will
  102. // grab as much of it as we can until we don't match - then we'll
  103. // fail and move into DEQUEING.
  104. // You may be asking yourself, why go through all that complex
  105. // Turing engine stuff when a simple line load and string comparison
  106. // would do nicely. The answer is SPEED. Without getting too deep,
  107. // the above code will identify the startup string in roughly 2
  108. // comparisons per byte. If I were to load the entire line first
  109. // then that alone would be 2 comparisons before I got started. This
  110. // way I cut the number of comparisons down by at least 50%.
  111. break;
  112. }
  113. case DEQUEING:{ // We're recovering from a false start...
  114. // When we get here, ScanIx will be one greater than the last
  115. // matching byte. The last byte read will be stored in our buffer
  116. // so that it can be returned here as the last step. The calling
  117. // program will request each byte one at a time... starting with
  118. // the first byte coming out of this code. For all positions in our
  119. // startup string less than ScanIx, we know we had a matching input.
  120. // We start our output at the first byte. The Scanning engine should
  121. // have set our DequeIx to 0 before we got here - so that part should
  122. // be automatic. Here goes...
  123. if(DequeIx < ScanIx) { // If we're still returning a
  124. unsigned char x = // partial match, grab the next byte
  125. Base64Start[DequeIx]; // from the startup string, Increment
  126. DequeIx++; // our Deque index for next time, and
  127. return x; // return the byte that's needed.
  128. } else { // When we're done with that part,
  129. State=SCANNING; // we set our mode back to scanning,
  130. ScanIx=DequeIx=0; // reset our indexes to start again,
  131. return Buffer; // and return the unmatching byte that
  132. } // got us to DEQUEING mode.
  133. break;
  134. }
  135. case DECODING:{ // We're decoding data...
  136. // DequeIx will be used here to indicate how many decoded
  137. // bytes are ready to be delivered. This is compatible with
  138. // the normal startup for other modes.
  139. // ScanIx will be used here to indicate which byte position
  140. // we should be reading from. This combination helps to handle
  141. // pads and simplifies processing. For example, if we've got two
  142. // pads then we'll have a single byte to read starting at index
  143. // zero.
  144. // If we get an exception from up the chain while we're decoding
  145. // then we'll just pass it along.
  146. if(0==DequeIx) { // If there are no bytes ready then get some!
  147. // First Byte:
  148. // Eat anything up to the first byte that doesn't look like
  149. // a base64 digit. If we hit a '\n-' then we'll assume we've got
  150. // a segment boundary and we'll quit. Everything else will be
  151. // ignored to get us to the next line.
  152. do{ // Empty out any in-between bytes.
  153. y=x;x=FilterChain::GetByte(); // Read one byte at a time.
  154. if('-'==x && '\n'==y) { // If we get to a segment separator
  155. ScanIx=DequeIx=0; // then reset our indexes, set our
  156. State=SCANNING; // state to SCANNING...
  157. do { // Eat up the rest of this line
  158. x=FilterChain::GetByte(); // one byte at a time including
  159. } while('\n'!=x); // the <LF> at the end, then
  160. return '\n'; // return the that <LF> byte.
  161. // On the next incoming call, the scanner section "should"
  162. // return the following <LF> byte to complete the end of line.
  163. // This ensures that we put a new line at the end of our
  164. // decoded segment. Four message scanning purposes this is
  165. // desireable. If we wanted a clean segment then we'd probably
  166. // eat through the new line rather than the carriage return.
  167. }
  168. } while(XX64==Base64Table[x]); // Eat all invalid bytes.
  169. // At this point x should have the first valid byte for us :-)
  170. if('='==x) { // First byte can't be a pad.
  171. ScanIx=DequeIx=0; // If it is then we reset ourself,
  172. do{ // eat the rest of this line,
  173. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  174. }while('\n'!=x);
  175. return x;
  176. }
  177. // At this point we have a clean byte, presumably at the start
  178. // of a base64 block which we can decode.
  179. x = Base64Table[x]; // Convert the byte.
  180. // This first one we assign to clear out the register. The rest
  181. // get added to keep things in place.
  182. Workspace = // Add it to the workspace in the
  183. x << base64_seg0_shift; // correct position.
  184. // Byte number 2 of the block...
  185. x=FilterChain::GetByte(); // Grab the byte...
  186. if('='==x) { // This byte can't be a pad.
  187. ScanIx=DequeIx=0; // If it is then we reset ourself,
  188. do{ // eat the rest of this line,
  189. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  190. }while('\n'!=x);
  191. return x;
  192. }
  193. x=Base64Table[x]; // Convert the byte.
  194. if(XX64==x) { // The byte can't be invalid...
  195. ScanIx=DequeIx=0; // If it is then we reset ourself,
  196. do{ // eat the rest of this line,
  197. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  198. }while('\n'!=x);
  199. return x;
  200. }
  201. // At this point we have a clean byte...
  202. Workspace += // Add it to the workspace in the
  203. x << base64_seg1_shift; // correct position.
  204. // Byte number 3 of the block...
  205. x=FilterChain::GetByte(); // Grab the byte...
  206. // This one and the next one can be pads. Here's where we start
  207. // deciding how many bytes we have. If we have a pad in this spot
  208. // then our output bytes will only be 1.
  209. if('='==x) DequeIx = 1; // If we've got a pad here we'll only
  210. else DequeIx = 3; // have one valid output byte. Otherwise
  211. // we could have 3.
  212. x=Base64Table[x]; // Convert the byte.
  213. if(XX64==x) { // The byte can't be invalid...
  214. ScanIx=DequeIx=0; // If it is then we reset ourself,
  215. do{ // eat the rest of this line,
  216. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  217. }while('\n'!=x);
  218. return x;
  219. }
  220. // At this point we have a clean byte...
  221. Workspace += // Add it to the workspace in the
  222. x << base64_seg2_shift; // correct position.
  223. // Byte number 4 of the block...
  224. x=FilterChain::GetByte(); // Grab the byte...
  225. if('='==x && DequeIx > 2) // If we've got a pad here the most
  226. DequeIx=2; // we can have are 2 valid outputs.
  227. x=Base64Table[x]; // Convert the byte.
  228. if(XX64==x) { // The byte can't be invalid...
  229. ScanIx=DequeIx=0; // If it is then we reset ourself,
  230. do{ // eat the rest of this line,
  231. y=x;x=FilterChain::GetByte(); // and then go on with scanning.
  232. }while('\n'!=x);
  233. return x;
  234. }
  235. // At this point we have a clean byte...
  236. Workspace += // Add it to the workspace in the
  237. x << base64_seg3_shift; // correct position.
  238. // At this point we are ready to begin outputting our bytes.
  239. ScanIx=2; // Output always starts byte three.
  240. return GetByte(); // Return our first decoded byte.
  241. } else { // If there are bytes ready then spit them out.
  242. x=(Workspace >> (ScanIx * 8)) & 0xFF; // Grab the byte we want.
  243. ScanIx--; // Decrement our output index.
  244. DequeIx--; // Decrement our output count.
  245. return x; // Send back our byte.
  246. }
  247. break;
  248. }
  249. }
  250. // We should never get to this point.
  251. return 0; // Dummy to make the compiler happy.
  252. }
  253. // FilterChainQuotedPrintable Methods.
  254. // isHexDigit()
  255. // Returns true if i is a valid hex digit.
  256. bool FilterChainQuotedPrintable::isHexDigit(unsigned char i) {
  257. if(
  258. (i >= '0' && i <= '9') || // Hex digits must be 0-9 or
  259. (i >= 'A' && i <= 'F') || // A-F or
  260. (i >= 'a' && i <= 'f') // a-f if somebody used lower case.
  261. ) {
  262. return true; // If i is one of these we are true
  263. } else {
  264. return false; // IF i is not then we are false
  265. }
  266. }
  267. // convertHexDigit()
  268. // Returns an integer value for the hex digit i
  269. int FilterChainQuotedPrintable::convertHexDigit(unsigned char i) {
  270. if(i >= '0' && i <= '9') { // Digit chars convert directly.
  271. return i - '0';
  272. } else if (i >= 'A' && i <= 'F') { // Cap A-F convert to 10 - 15
  273. return i - 'A' + 10;
  274. } else if (i >= 'a' && i <= 'f') { // Small A-F convert to 10 - 15
  275. return i - 'a' + 10;
  276. }
  277. return -1; // Return -1 if i was not a hex digit!
  278. }
  279. // GetByte()
  280. // Returns the next byte from this filter module.
  281. unsigned char FilterChainQuotedPrintable::GetByte() {
  282. switch(State) { // What are we doing?
  283. case SCANNING: // We're scanning to turn on...
  284. Buffer[0]=FilterChain::GetByte();
  285. if('='== Buffer[0]) { // If we've found an = then we're on.
  286. Buffer[1]=FilterChain::GetByte(); // Fill up the decoding buffer with
  287. Buffer[2]=FilterChain::GetByte(); // the next two bytes,
  288. BufferIndex = 0; // Setup the buffer index.
  289. BufferLength = 3; // Setup the buffer length.
  290. State = DECODING; // Set our mode and get the result
  291. return GetByte(); // by calling ourselves!
  292. } else
  293. return Buffer[0]; // Otherwise just pass through.
  294. break;
  295. case DEQUEING: // We're recovering from a false start...
  296. if(BufferIndex < BufferLength) { // If we've got buffered stuff then
  297. return Buffer[BufferIndex++]; // return it and move the pointer.
  298. } else { // If we've run out of stuff then
  299. BufferIndex = 0; // Reset our index and our
  300. BufferLength = 0; // buffer length, then set our
  301. State = SCANNING; // mode to SCANNING and return
  302. return GetByte(); // the next byte from there.
  303. }
  304. break;
  305. case DECODING: // We're decoding data...
  306. // Now we are decoding quoted printable data. First we will handle the case
  307. // where this is a soft line break. In that case we simply eat the encoded bytes
  308. // and set up to dequeue the last byte.
  309. if(Buffer[1] == '\n') { // If this is a soft break the
  310. BufferIndex = 2; // point our dequeue index at the last byte
  311. State = DEQUEING; // establish our DEQUEING state and
  312. return GetByte(); // return by letteing DEQUEING do it!
  313. }
  314. // If it wasn't a soft break then we _may_ need to decode it. We will find
  315. // out by looking for hex digits in the next two locations. If they are there
  316. // we are decoding. If not then we will simply dequeue the entire buffer.
  317. if(
  318. isHexDigit(Buffer[1]) && // If the next two bytes are hex
  319. isHexDigit(Buffer[2]) // digits then we can convert them.
  320. ) {
  321. Workspace= // Set our workspace to convert the
  322. (convertHexDigit(Buffer[1]) << 4) | // two hex digits into a single
  323. (convertHexDigit(Buffer[2])); // byte.
  324. Buffer[2] = Workspace & 0xFF; // Store that byte in our buffer.
  325. BufferIndex = 2; // Set the index and change our
  326. State = DEQUEING; // state to DEQUEING then let that
  327. return GetByte(); // code spit it out!
  328. } else { // If either byte was not a valid
  329. State = DEQUEING; // hex digit DEQUEUE the entire
  330. return GetByte(); // buffer.
  331. }
  332. break;
  333. };
  334. return FilterChain::GetByte(); // Dummy
  335. }
  336. /////////////////////////////////////////////////////////////////////////////////////////
  337. // FilterChainDefunker
  338. /////////////////////////////////////////////////////////////////////////////////////////
  339. // SkipHeaders() waits for the headers to go by before launching Store().
  340. unsigned char FilterChainDefunker::SkipHeaders() { // While waiting EOH...
  341. unsigned char x = FilterChain::GetByte(); // Get a byte.
  342. if(LastRawByte == '\n' && x == '\n') { // If we're at EOH
  343. Master = &FilterChainDefunker::Store; // Go to store mode.
  344. return x; // and return the byte.
  345. } // If we're not at EOH
  346. LastRawByte = x; // then remember this byte
  347. return x; // and return it.
  348. }
  349. // Store() puts the original data into the buffer for later.
  350. unsigned char FilterChainDefunker::Store() { // While in Store mode,
  351. unsigned char x; // we need a byte.
  352. try {
  353. if(DefunkerSize-10 < InputPosition) {
  354. cout << "watch this" << endl;
  355. }
  356. if(DefunkerSize <= InputPosition)
  357. throw Empty("FilterChainDefunker: No more data"); // Careful about the buffer.
  358. x = FilterChain::GetByte(); // Try getting the next byte
  359. StoreBuffer[InputPosition++] = x; // and storing it.
  360. }
  361. catch(Empty) { // When we get the Empty
  362. Master = &FilterChainDefunker::ReadOut; // signal it is time for us
  363. return GetByte(); // to read out our data.
  364. }
  365. return x; // Otherwis pass on the byte.
  366. }
  367. // ReadOut() retrieves the stored data through the state engine.
  368. unsigned char FilterChainDefunker::ReadOut() { // Read out and dedup spaces.
  369. if(LastReadOut == ' ') { // If the last byte was a space
  370. while(LastReadOut == ' ') { // then eat all of the spaces
  371. LastReadOut = SpaceConvChart[GetInternal()]; // that come next with spaces
  372. } // converted.
  373. } else { // If it was not a space then
  374. LastReadOut = SpaceConvChart[GetInternal()]; // simply read the next byte
  375. } // with spaces converted.
  376. return LastReadOut; // Output the byte we found.
  377. }
  378. // GetStore() retrieves the raw store for the state engine.
  379. unsigned char FilterChainDefunker::GetStore() { // Read from the Store.
  380. if(OutputPosition >= InputPosition) {
  381. throw Empty("FilterChainDefunker: No more data"); // If we're out of bytes throw Empty.
  382. }
  383. return LastGetStore = StoreBuffer[OutputPosition++]; // If we have more, trap and send it.
  384. }
  385. //// The following functions make up the state engine with the state maintained
  386. //// as a function pointer in the (*Internal)() handle.
  387. unsigned char FilterChainDefunker::Preamble() { // Emit the preamble.
  388. for(
  389. int p=0; // Load the preamble into
  390. DefunkerPreamble[p]; // the queue.
  391. p++) EnQueue(DefunkerPreamble[p]);
  392. Internal = &FilterChainDefunker::DeQueue; // Set up the DeQueue mode
  393. return GetInternal(); // and return the next byte.
  394. }
  395. unsigned char FilterChainDefunker::DefunkRoot() { // While in DefunkRoot state
  396. unsigned char x = GetStore(); // grab the next byte.
  397. if(x == '<') { // If it matches < then
  398. Internal = &FilterChainDefunker::OpenTag; // go to OpenTag state and
  399. return GetInternal(); // return the next byte.
  400. } else
  401. if(x == '&') { // If it matches & then
  402. Internal = &FilterChainDefunker::OpenAmp; // go to OpenAnd state and
  403. EnQueue(x); // push in the amphersand.
  404. return GetInternal(); // return the next byte.
  405. } // If we did not match then
  406. return x; // return what we grabbed.
  407. }
  408. unsigned char FilterChainDefunker::OpenTag() { // While in OpenTag state
  409. unsigned char x = GetStore(); // grab the next byte.
  410. switch(tolower(x)) { // Check the lower case of x.
  411. case 'b': // If we have a 'b' then
  412. Internal = &FilterChainDefunker::MatchBR; // our mode is MatchBR.
  413. break;
  414. case 'p': // If we have a 'p' then
  415. Internal = &FilterChainDefunker::MatchP; // our mode is MatchP.
  416. break;
  417. default: // If we did not match then
  418. Internal = &FilterChainDefunker::EatTag; // our mode is EatTag.
  419. break;
  420. }
  421. return GetInternal(); // Return the next byte.
  422. }
  423. unsigned char FilterChainDefunker::OpenAmp() { // While in OpenAmp state
  424. unsigned char x = GetStore(); // grab the next byte.
  425. if(tolower(x) == 'n') { // If it matched n then
  426. EnQueue(x); // push in the n -
  427. Internal = &FilterChainDefunker::MatchNBSP; // we are working on &nbsp;
  428. return GetInternal(); // return the next byte.
  429. } else
  430. if(tolower(x) == 'a') { // If it matched a then
  431. EnQueue(x); // push in the a -
  432. Internal = &FilterChainDefunker::SwitchAMPAPOS; // is it AMP or APOS?
  433. return GetInternal(); // return the next byte.
  434. } else
  435. if(tolower(x) == 'l') { // If it matched l then
  436. EnQueue(x); // push in the l -
  437. Internal = &FilterChainDefunker::MatchLT; // we are working on &lt;
  438. return GetInternal(); // return the next byte.
  439. } else
  440. if(tolower(x) == 'g') { // If it matched g then
  441. EnQueue(x); // push in the g -
  442. Internal = &FilterChainDefunker::MatchGT; // we are working on &gt;
  443. return GetInternal(); // return the next byte.
  444. } else
  445. if(tolower(x) == 'q') { // If it matched q then
  446. EnQueue(x); // push in the q -
  447. Internal = &FilterChainDefunker::MatchQUOT; // we are working on &quot;
  448. return GetInternal(); // return the next byte.
  449. } else
  450. if(x == '#') { // If it matched # then
  451. EnQueue(x); // push in the # -
  452. Internal = &FilterChainDefunker::DecodeNum; // we are working on &#...;
  453. return GetInternal(); // return the next byte.
  454. }
  455. Internal = &FilterChainDefunker::DeQueue; // If nothing matched then
  456. return GetInternal(); // punt and dequeue.
  457. }
  458. unsigned char FilterChainDefunker::MatchBR() { // If our mode is MatchBR
  459. if(MatchTagPattern(patMatchBR)) { // If we matched our pattern
  460. Internal = &FilterChainDefunker::DefunkRoot; // go to DefunkRoot state
  461. return ' '; // and return a space.
  462. } // If we did not match then
  463. Internal = &FilterChainDefunker::EatTag; // go to EatTag state and
  464. return GetInternal(); // return the next byte.
  465. }
  466. unsigned char FilterChainDefunker::MatchP() { // If our mode is MatchP
  467. if(MatchTagPattern(patMatchP)) { // if we matched our pattern
  468. Internal = &FilterChainDefunker::DefunkRoot; // go to DefunkRoot state
  469. return ' '; // and return a space.
  470. } // If we did not match then
  471. Internal = &FilterChainDefunker::EatTag; // go to EatTag state and
  472. return GetInternal(); // return the next byte.
  473. }
  474. unsigned char FilterChainDefunker::MatchNBSP() { // If our mode is MatchNBSP
  475. int pos = 2; // We've seen &n so far.
  476. while(patNBSP[pos]){ // Look through the pattern
  477. unsigned char x = GetStore(); // getting one byte at a time.
  478. EnQueue(x); // Push each into the queue.
  479. if(tolower(x)!=patNBSP[pos]) break; // If we fall off, get out.
  480. pos++; // otherwise keep going.
  481. }
  482. // At this point our pattern[pos] is either 0 (a match) or not.
  483. if(patNBSP[pos]) { // If we did not match then
  484. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  485. return GetInternal(); // and return the next byte.
  486. }
  487. // If we did match the pattern
  488. ClearQueue(); // then clear the queue and
  489. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  490. return ' '; // return a space.
  491. }
  492. unsigned char FilterChainDefunker::MatchLT() { // If our mode is MatchLT
  493. int pos = 2; // We've seen &l so far.
  494. while(patLT[pos]){ // Look through the pattern
  495. unsigned char x = GetStore(); // getting one byte at a time.
  496. EnQueue(x); // Push each into the queue.
  497. if(tolower(x)!=patLT[pos]) break; // If we fall off, get out.
  498. pos++; // otherwise keep going.
  499. }
  500. // At this point our pattern[pos] is either 0 (a match) or not.
  501. if(patLT[pos]) { // If we did not match then
  502. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  503. return GetInternal(); // and return the next byte.
  504. }
  505. // If we did match the pattern
  506. ClearQueue(); // then clear the queue and
  507. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  508. return '<'; // return a <.
  509. }
  510. unsigned char FilterChainDefunker::MatchGT() { // If our mode is MatchGT
  511. int pos = 2; // We've seen &g so far.
  512. while(patGT[pos]){ // Look through the pattern
  513. unsigned char x = GetStore(); // getting one byte at a time.
  514. EnQueue(x); // Push each into the queue.
  515. if(tolower(x)!=patGT[pos]) break; // If we fall off, get out.
  516. pos++; // otherwise keep going.
  517. }
  518. // At this point our pattern[pos] is either 0 (a match) or not.
  519. if(patGT[pos]) { // If we did not match then
  520. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  521. return GetInternal(); // and return the next byte.
  522. }
  523. // If we did match the pattern
  524. ClearQueue(); // then clear the queue and
  525. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  526. return '>'; // return a >.
  527. }
  528. unsigned char FilterChainDefunker::MatchQUOT() { // If our mode is MatchQUOT
  529. int pos = 2; // We've seen &q so far.
  530. while(patQUOT[pos]){ // Look through the pattern
  531. unsigned char x = GetStore(); // getting one byte at a time.
  532. EnQueue(x); // Push each into the queue.
  533. if(tolower(x)!=patQUOT[pos]) break; // If we fall off, get out.
  534. pos++; // otherwise keep going.
  535. }
  536. // At this point our pattern[pos] is either 0 (a match) or not.
  537. if(patQUOT[pos]) { // If we did not match then
  538. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  539. return GetInternal(); // and return the next byte.
  540. }
  541. // If we did match the pattern
  542. ClearQueue(); // then clear the queue and
  543. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  544. return '\"'; // return a quote.
  545. }
  546. unsigned char FilterChainDefunker::SwitchAMPAPOS() { // We are chosing AMP or APOS.
  547. unsigned char x = GetStore(); // Get the next byte.
  548. EnQueue(x); // Put it into the queue.
  549. if(tolower(x)=='m') { // If we matched m then we
  550. Internal = &FilterChainDefunker::MatchAMP; // are working on MatchAMP.
  551. return GetInternal(); // Go get it.
  552. } else
  553. if(tolower(x)=='p') { // If we matched p then we
  554. Internal = &FilterChainDefunker::MatchAPOS; // are working on MatchAPOS.
  555. return GetInternal(); // Go get it.
  556. }
  557. Internal = &FilterChainDefunker::DeQueue; // If we didn't match either
  558. return GetInternal(); // we punt and DeQueue.
  559. }
  560. unsigned char FilterChainDefunker::MatchAPOS() { // If our mode is MatchAPOS
  561. int pos = 3; // We've seen &ap so far.
  562. while(patAPOS[pos]){ // Look through the pattern
  563. unsigned char x = GetStore(); // getting one byte at a time.
  564. EnQueue(x); // Push each into the queue.
  565. if(tolower(x)!=patAPOS[pos]) break; // If we fall off, get out.
  566. pos++; // otherwise keep going.
  567. }
  568. // At this point our pattern[pos] is either 0 (a match) or not.
  569. if(patAMP[pos]) { // If we did not match then
  570. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  571. return GetInternal(); // and return the next byte.
  572. }
  573. // If we did match the pattern
  574. ClearQueue(); // then clear the queue and
  575. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  576. return '\''; // return an apostrophie.
  577. }
  578. unsigned char FilterChainDefunker::MatchAMP() { // If our mode is MatchAMP
  579. int pos = 3; // We've seen &am so far.
  580. while(patAMP[pos]){ // Look through the pattern
  581. unsigned char x = GetStore(); // getting one byte at a time.
  582. EnQueue(x); // Push each into the queue.
  583. if(tolower(x)!=patAMP[pos]) break; // If we fall off, get out.
  584. pos++; // otherwise keep going.
  585. }
  586. // At this point our pattern[pos] is either 0 (a match) or not.
  587. if(patAMP[pos]) { // If we did not match then
  588. Internal = &FilterChainDefunker::DeQueue; // set our state to dequeue
  589. return GetInternal(); // and return the next byte.
  590. }
  591. // If we did match the pattern
  592. ClearQueue(); // then clear the queue and
  593. Internal = &FilterChainDefunker::DefunkRoot; // go back to root mode then
  594. return '&'; // return an amphersand.
  595. }
  596. unsigned char FilterChainDefunker::EatTag() { // If our mode is EatTag
  597. if(LastGetStore != '>') { // and our last byte was not
  598. while(GetStore()!='>')continue; // endtag then eat through
  599. } // the end tag. Then set our
  600. Internal = &FilterChainDefunker::DefunkRoot; // mode to DefunkRoot and
  601. return GetInternal(); // return the next byte.
  602. }
  603. unsigned char FilterChainDefunker::DecodeNum() { // If our mode is DecodeNum
  604. unsigned char NumBfr[5]; // A buffer for digits.
  605. memset(NumBfr,0,sizeof(NumBfr)); // Clear the buffer.
  606. for( // Let's read the number...
  607. unsigned int i=0; // NumBfr position = 0;
  608. i<(sizeof(NumBfr)-1) && // Stay well within the NunBfr.
  609. (EnQueue(NumBfr[i]=GetStore()), // Read and EnQueue each byte.
  610. isdigit(NumBfr[i])); // Keep going if it's a digit.
  611. i++)continue; // Move the buffer pointer.
  612. // Check for a proper finish...
  613. if(LastGetStore != ';') { // If we didn't end properly
  614. Internal = &FilterChainDefunker::DeQueue; // then we will punt and
  615. return GetInternal(); // DeQueue.
  616. }
  617. // At this point, NumBfr contains a c_str of the number to be decoded.
  618. // Also, the Qbfr has each byte we read in case we want to punt.
  619. int Decoded = atol((const char*)NumBfr); // Read the number.
  620. if(Decoded < 32 || Decoded > 255) { // If the number we read is
  621. Internal = &FilterChainDefunker::DeQueue; // out of range then we
  622. return GetInternal(); // punt and DeQueue.
  623. }
  624. // If we decoded a character
  625. ClearQueue(); // that is in range of normal
  626. Internal = &FilterChainDefunker::DefunkRoot; // ascii then clear the queue,
  627. return (unsigned char) Decoded; // go back to DefunkRoot, and
  628. } // return the decoded byte.
  629. /////////////////////////////////////////////////////////////////////////////////////////
  630. // FilterChainUrlDecode
  631. /////////////////////////////////////////////////////////////////////////////////////////
  632. unsigned char FilterChainUrlDecode::Bypass() { // In Bypass mode...
  633. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  634. if(c == '<') { // If it was '<' we begin.
  635. Internal = &FilterChainUrlDecode::Tag; // Go to Tag mode.
  636. AddToBfr(c); // Write the byte to our buffer.
  637. }
  638. return c; // Always return the byte.
  639. }
  640. unsigned char FilterChainUrlDecode::Tag() { // In Tag mode...
  641. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  642. if(tolower(c) == 'a') { // If we're in an anchor tag
  643. Internal = &FilterChainUrlDecode::Root; // Go to Decode Root mode.
  644. AddToBfr(c); // Write the byte to our buffer.
  645. } else
  646. if(tolower(c) == 'i') { // If we might be in an img tag
  647. Internal = &FilterChainUrlDecode::Img1; // Go to Img1 mode.
  648. AddToBfr(c); // Write the byte to our buffer.
  649. } else { // If we didn't match
  650. DecodeBfr[0] = 0; // we clear out the Decode
  651. DecodeBfr[1] = 0; // buffer. (Save some bytes by
  652. DecodeLength = 0; // doing it manually) Then we
  653. Internal = &FilterChainUrlDecode::Bypass; // Go to Bypass mode again.
  654. }
  655. return c; // Always return the byte.
  656. }
  657. unsigned char FilterChainUrlDecode::Img1() { // In Img1 mode...
  658. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  659. if(tolower(c)=='m') { // If we're still in an img tag
  660. Internal = &FilterChainUrlDecode::Img2; // Go to Img2 mode.
  661. AddToBfr(c); // Write the byte to our buffer.
  662. } else { // If we didn't match
  663. DecodeBfr[0] = 0; // we clear out the Decode
  664. DecodeBfr[1] = 0; // buffer and go back to
  665. DecodeBfr[2] = 0; // Bypass mode again.
  666. DecodeLength = 0;
  667. Internal = &FilterChainUrlDecode::Bypass;
  668. }
  669. return c; // Always return the byte.
  670. }
  671. unsigned char FilterChainUrlDecode::Img2() { // In Img2 mode...
  672. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  673. if(tolower(c)=='g') { // If we're still in an img tag
  674. Internal = &FilterChainUrlDecode::Root; // Go to Decode Root mode.
  675. AddToBfr(c); // Write the byte to our buffer.
  676. } else { // If we didn't match
  677. DecodeBfr[0] = 0; // we clear out the Decode
  678. DecodeBfr[1] = 0; // buffer and go back to
  679. DecodeBfr[2] = 0; // Bypass mode again.
  680. DecodeBfr[3] = 0;
  681. DecodeLength = 0;
  682. Internal = &FilterChainUrlDecode::Bypass;
  683. }
  684. return c; // Always return the byte.
  685. }
  686. unsigned char FilterChainUrlDecode::Root() { // While in Decode Root mode...
  687. unsigned char c = FilterChain::GetByte(); // Get the raw byte.
  688. AddToBfr(c); // Push it into the buffer.
  689. // Now we will switch modes based on the byte we get.
  690. if(c == '%') { // If we have '%' then it is
  691. Internal = &FilterChainUrlDecode::GetD1; // time to start decoding.
  692. } else
  693. if(c == '>') { // If we have '>' and
  694. if(DecodeFlag) { // we did some decoding then
  695. Internal = &FilterChainUrlDecode::Inject; // it is time to inject the result.
  696. } else { // If there was no decoding then
  697. Clear(); // we clear out our buffer and
  698. Internal = &FilterChainUrlDecode::Bypass; // it is time to go to sleep.
  699. }
  700. }
  701. // This next bit protects against malformed HTML by watching for any new tag
  702. // start. If one occurs, then we throw away our current decoding and assume a state
  703. // that starts with the new open "<".
  704. if(c == '<') { // If found a new < then we
  705. Clear(); // clear the buffer,
  706. AddToBfr(c); // Add the '<' back in, and
  707. Internal = &FilterChainUrlDecode::Tag; // go back to Tag mode.
  708. }
  709. return c; // Always return the byte.
  710. }
  711. unsigned char FilterChainUrlDecode::GetD1() { // Get the first digit.
  712. unsigned char c = FilterChain::GetByte(); // Read the raw byte.
  713. AddToBfr(c); // Add it to the buffer.
  714. Internal = &FilterChainUrlDecode::GetD2; // Move to GetD2 mode.
  715. return c; // Always return the byte.
  716. }
  717. // isHexDigit()
  718. // Returns true if i is a valid hex digit.
  719. bool FilterChainUrlDecode::isHexDigit(unsigned char i) {
  720. if(
  721. (i >= '0' && i <= '9') || // Hex digits must be 0-9 or
  722. (i >= 'A' && i <= 'F') || // A-F or
  723. (i >= 'a' && i <= 'f') // a-f if somebody used lower case.
  724. ) {
  725. return true; // If i is one of these we are true
  726. } else {
  727. return false; // IF i is not then we are false
  728. }
  729. }
  730. // convertHexDigit()
  731. // Returns an integer value for the hex digit i
  732. int FilterChainUrlDecode::convertHexDigit(unsigned char i) {
  733. if(i >= '0' && i <= '9') { // Digit chars convert directly.
  734. return i - '0';
  735. } else if (i >= 'A' && i <= 'F') { // Cap A-F convert to 10 - 15
  736. return i - 'A' + 10;
  737. } else if (i >= 'a' && i <= 'f') { // Small A-F convert to 10 - 15
  738. return i - 'a' + 10;
  739. }
  740. return -1; // Return -1 if i was not a hex digit!
  741. }
  742. // convertHexByte()
  743. // Returns an integer value for a hex string representing a byte.
  744. unsigned char FilterChainUrlDecode::convertHexByte(unsigned char* x) {
  745. unsigned char working = convertHexDigit(x[1]); // Convert the low order nybl.
  746. working = working + (16 * convertHexDigit(x[0])); // Convert the high order nybl.
  747. return working; // Return the result.
  748. }
  749. unsigned char FilterChainUrlDecode::GetD2() { // Get the second digit.
  750. unsigned char c = FilterChain::GetByte(); // Read the raw byte.
  751. AddToBfr(c); // Add it to the buffer.
  752. // At this point the end of our DecodeBfr has a c_str of a small hex integer (we hope)
  753. // that we can decode. If we successfully decode it then we will replace %xx in our
  754. // DecodeBfr with the character that is represented by that byte.
  755. // Do we really have an encoded byte to decode?
  756. int codepos = DecodeLength-3; // Grab the position of the hex.
  757. if(
  758. DecodeBfr[codepos]=='%' && // If the first char is %
  759. isHexDigit(DecodeBfr[codepos+1]) && // and the second is a hex digit
  760. isHexDigit(DecodeBfr[codepos+2]) // and the third is a hex digit
  761. ){ // then we can decode the string.
  762. unsigned char q = convertHexByte(DecodeBfr+codepos+1); // Decode the byte.
  763. if(q >= 32) { // If the byte is in range then
  764. DecodeBfr[codepos] = q; // Replace the % with the byte
  765. DecodeBfr[--DecodeLength] = 0; // backup over and erase the hex
  766. DecodeBfr[--DecodeLength] = 0; // digits themselves.
  767. DecodeFlag = true; // Set the decode flag.
  768. }
  769. // If we decided the byte was not decodable for some reason then the original data
  770. // remains in the buffer as it was originally read.
  771. }
  772. Internal = &FilterChainUrlDecode::Root; // Get ready to decode more.
  773. return c; // Always return the byte.
  774. }
  775. unsigned char FilterChainUrlDecode::Inject() { // Inject the decoded result.
  776. if(
  777. DecodeBfr[DecodePosition] && // If we've got more bytes
  778. DecodePosition < sizeof(DecodeBfr)) { // and we're safely in our buffer
  779. return DecodeBfr[DecodePosition++]; // then return the byte and move
  780. } // ahead.
  781. // Once the buffer is empty we
  782. Clear(); // clear out the system, and go
  783. Internal = &FilterChainUrlDecode::Bypass; // back to bypass mode. Then
  784. return GetByte(); // return the next bypassed byte.
  785. }
  786. ////////////////////////////////////////////////////////////////////////////////
  787. // FilterChainHeaderAnalysis
  788. ////////////////////////////////////////////////////////////////////////////////
  789. int FilterChainHeaderAnalysis::FollowPattern(char c) { // Follow the pattern.
  790. c = tolower(c); // Convert c to lower case.
  791. if(c != MatchPattern[MatchIndex]) { // If c doesn't match the pattern
  792. return -1; // then return -1 indicating we fell off.
  793. } else { // If it did match the pattern then
  794. MatchIndex++; // move ahead to the next byte and
  795. if(0 == MatchPattern[MatchIndex]) { // take a look. If that's all there was
  796. return 0; // then we've finished :-)
  797. }
  798. } // If we matched and there's more to do
  799. return 1; // then we return 1.
  800. }
  801. unsigned char FilterChainHeaderAnalysis::doSeekNL() { // Looking for a new line.
  802. unsigned char c = GetCheckedByte(); // Get the next byte (and check for high bits)
  803. if('\n' == c) { // If it was a new line then
  804. Mode = &FilterChainHeaderAnalysis::doSeekDispatch; // move on to the next mode
  805. } // for the next byte and
  806. return c; // return the byte we got.
  807. }
  808. unsigned char FilterChainHeaderAnalysis::doSeekDispatch() { // Looking at the first char after NL.
  809. unsigned char c = GetCheckedByte(); // Get the next byte (and check for high bits)
  810. switch(tolower(c)) { // Switch modes based on what this byte is.
  811. case '\n': { // If it is a New Line then the headers are
  812. Mode = &FilterChainHeaderAnalysis::doEndOfHeaders; // finished - so we set up our EndOfHeaders
  813. return GetByte(); // mode and return the next byte from there.
  814. break; // The extra NL will be emitted at the end.
  815. }
  816. case 'r': { // If it is an R as in (R)eceived:
  817. SetFollowPattern("eceived:"); // establish the follow pattern and
  818. Mode = &FilterChainHeaderAnalysis::doReceived; // switch to doReceived mode.
  819. break;
  820. }
  821. case 'f': { // If it is an F as in (F)rom:
  822. SetFollowPattern("rom:"); // establish the follow pattern and
  823. Mode = &FilterChainHeaderAnalysis::doFrom; // switch to doFrom mode.
  824. break;
  825. }
  826. case 't': { // If it is an T as in (T)o:
  827. SetFollowPattern("o:"); // establish the follow pattern and
  828. Mode = &FilterChainHeaderAnalysis::doTo; // switch to doTo mode.
  829. break;
  830. }
  831. case 'c': { // If it is a C as in (C)C:
  832. SetFollowPattern("c:"); // establish the follow pattern and
  833. Mode = &FilterChainHeaderAnalysis::doCC; // switch to doCC mode.
  834. break;
  835. }
  836. case 'm': { // If it is an M as in (M)essage-id:
  837. SetFollowPattern("essage-id:"); // establish the follow pattern and
  838. Mode = &FilterChainHeaderAnalysis::doMessageID; // switch to doMessageID mode.
  839. break;
  840. }
  841. case 'd': { // If it is a D as in (D)ate:
  842. SetFollowPattern("ate:"); // establish the follow pattern and
  843. Mode = &FilterChainHeaderAnalysis::doDate; // switch to doDate mode.
  844. break;
  845. }
  846. case 's': { // If it is an S as in (S)ubject:
  847. SetFollowPattern("ubject:"); // establish the follow pattern and
  848. Mode = &FilterChainHeaderAnalysis::doSubject; // switch to doSubject mode.
  849. break;
  850. }
  851. default: { // If we don't recognize the byte then
  852. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for a new line.
  853. break;
  854. }
  855. } // Once all of our mode switching is handled
  856. return c; // we return the byte we got.
  857. }
  858. unsigned char FilterChainHeaderAnalysis::doReceived() { // Identifying a Received: header.
  859. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  860. switch(FollowPattern(c)) { // See if we're still on the path.
  861. case -1: { // If we're not on the right tag then
  862. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  863. break;
  864. }
  865. case 0: { // If we've found the end of our tag (match!)
  866. Mode = &FilterChainHeaderAnalysis::doFindIP; // start looking for the IP.
  867. IPToTest = ""; // Clear the IPToTest buffer.
  868. break;
  869. }
  870. default: { // If we're still following along then
  871. break; // keep on keepin' on.
  872. }
  873. } // Once we know what we're doing we
  874. return c; // return the character we got.
  875. }
  876. unsigned char FilterChainHeaderAnalysis::doFindIP() { // Seeking the [IP] in a Received header.
  877. unsigned char c = GetCheckedByte(); // Get a checked byte.
  878. switch(c) {
  879. case '[': { // If we find the [ then
  880. Mode = &FilterChainHeaderAnalysis::doTestIP; // set up to grab and test the IP.
  881. break;
  882. }
  883. case '\n': { // If we come across a newline then
  884. Mode = &FilterChainHeaderAnalysis::doSeekNL; // we must be lost so go back to basics.
  885. break;
  886. }
  887. default: { // For anything else we keep on going.
  888. break;
  889. }
  890. }
  891. return c; // Return the byte.
  892. }
  893. //// 20070614 _M Improved IP exctaction from received headers so that if the
  894. //// apparent IP contains any unusual bytes (not digits or dots) then the
  895. //// attempt is abandoned.
  896. unsigned char FilterChainHeaderAnalysis::doTestIP() { // Gets and tests the [IP].
  897. unsigned char c = FilterChain::GetByte(); // Get the next byte.
  898. switch(c) {
  899. case ']': { // If we come to ] we've got it!
  900. IPTester.test(IPToTest, IPTestResult); // Do the test with this IP.
  901. if(0 == IPTestResult.length()) { // If the IP test wants us to truncate
  902. throw Empty("FilterChainHeaderAnalysis: Truncate"); // the message then throw Empty!
  903. } // Otherwise, proceed as per normal...
  904. SetOutputBuffer(IPTestResult); // Put the result in the output buffer.
  905. Mode = &FilterChainHeaderAnalysis::doInjectIPTestResult; // Set the mode to inject the result.
  906. break; // That will start on the next byte.
  907. }
  908. case '0': // IPs are made of digits and dots.
  909. case '1':
  910. case '2':
  911. case '3':
  912. case '4':
  913. case '5':
  914. case '6':
  915. case '7':
  916. case '8':
  917. case '9':
  918. case '.': { // Capture the IP between [ and ]
  919. IPToTest += c; // one byte at a time.
  920. break;
  921. }
  922. default: { // If we find anything else we must be
  923. Mode = &FilterChainHeaderAnalysis::doSeekNL; // lost so we go back to the basics.
  924. break;
  925. }
  926. }
  927. return c;
  928. }
  929. unsigned char FilterChainHeaderAnalysis::doFrom() { // Identifying a From: header.
  930. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  931. switch(FollowPattern(c)) { // See if we're still on the path.
  932. case -1: { // If we're not on the right tag then
  933. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  934. break;
  935. }
  936. case 0: { // If we've found the end of our tag (match!)
  937. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  938. FoundFrom = true; // record that this tag was present.
  939. break;
  940. }
  941. default: { // If we're still following along then
  942. break; // keep on keepin' on.
  943. }
  944. } // Once we know what we're doing we
  945. return c; // return the character we got.
  946. }
  947. unsigned char FilterChainHeaderAnalysis::doTo() { // Identifying a To: header.
  948. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  949. switch(FollowPattern(c)) { // See if we're still on the path.
  950. case -1: { // If we're not on the right tag then
  951. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  952. break;
  953. }
  954. case 0: { // If we've found the end of our tag (match!)
  955. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  956. FoundTo = true; // record that this tag was present.
  957. break;
  958. }
  959. default: { // If we're still following along then
  960. break; // keep on keepin' on.
  961. }
  962. } // Once we know what we're doing we
  963. return c; // return the character we got.
  964. }
  965. unsigned char FilterChainHeaderAnalysis::doCC() { // Identifying a CC: header.
  966. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  967. switch(FollowPattern(c)) { // See if we're still on the path.
  968. case -1: { // If we're not on the right tag then
  969. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  970. break;
  971. }
  972. case 0: { // If we've found the end of our tag (match!)
  973. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  974. FoundCC = true; // record that this tag was present.
  975. break;
  976. }
  977. default: { // If we're still following along then
  978. break; // keep on keepin' on.
  979. }
  980. } // Once we know what we're doing we
  981. return c; // return the character we got.
  982. }
  983. unsigned char FilterChainHeaderAnalysis::doMessageID() { // Identifying a MessageID header.
  984. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  985. switch(FollowPattern(c)) { // See if we're still on the path.
  986. case -1: { // If we're not on the right tag then
  987. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  988. break;
  989. }
  990. case 0: { // If we've found the end of our tag (match!)
  991. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  992. FoundMessageID = true; // record that this tag was present.
  993. break;
  994. }
  995. default: { // If we're still following along then
  996. break; // keep on keepin' on.
  997. }
  998. } // Once we know what we're doing we
  999. return c; // return the character we got.
  1000. }
  1001. unsigned char FilterChainHeaderAnalysis::doDate() { // Identifying a Date: header.
  1002. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  1003. switch(FollowPattern(c)) { // See if we're still on the path.
  1004. case -1: { // If we're not on the right tag then
  1005. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  1006. break;
  1007. }
  1008. case 0: { // If we've found the end of our tag (match!)
  1009. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  1010. FoundDate = true; // record that this tag was present.
  1011. break;
  1012. }
  1013. default: { // If we're still following along then
  1014. break; // keep on keepin' on.
  1015. }
  1016. } // Once we know what we're doing we
  1017. return c; // return the character we got.
  1018. }
  1019. unsigned char FilterChainHeaderAnalysis::doSubject() { // Identifying a Subject: header.
  1020. unsigned char c = FilterChain::GetByte(); // Get the next byte of the header tag.
  1021. switch(FollowPattern(c)) { // See if we're still on the path.
  1022. case -1: { // If we're not on the right tag then
  1023. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to looking for the next one.
  1024. break;
  1025. }
  1026. case 0: { // If we've found the end of our tag (match!)
  1027. Mode = &FilterChainHeaderAnalysis::doSeekNL; // start looking for the the next tag and
  1028. FoundSubject = true; // record that this tag was present.
  1029. break;
  1030. }
  1031. default: { // If we're still following along then
  1032. break; // keep on keepin' on.
  1033. }
  1034. } // Once we know what we're doing we
  1035. return c; // return the character we got.
  1036. }
  1037. unsigned char FilterChainHeaderAnalysis::doEndOfHeaders() { // IdentifyEndOfHeaders & Emit Results.
  1038. // We know we've reached the end of the headers so now
  1039. // we have to formulate the results we want to inject and
  1040. // er... inject them.
  1041. EndOfHeaderResults = "X-SNFHDR: "; // Emit an X header (internal only)
  1042. if(MissingCC()) { EndOfHeaderResults.append("-CC "); } // Emit -CC if no CC header.
  1043. if(MissingTo()) { EndOfHeaderResults.append("-TO "); } // Emit -TO if no TO header (together no to)
  1044. if(MissingFrom()) { EndOfHeaderResults.append("-FROM "); } // Emit -FROM if no FROM header.
  1045. if(MissingDate()) { EndOfHeaderResults.append("-DATE "); } // Emit -DATE if no DATE header.
  1046. if(MissingMessageID()) { EndOfHeaderResults.append("-MESSAGEID "); } // Emit -MESSAGEID if no MESSAGE-ID header.
  1047. if(MissingSubject()) { EndOfHeaderResults.append("-SUBJECT "); } // Emit -SUBJECT if no SUBJECT header.
  1048. if(HighBitCharacters()) { EndOfHeaderResults.append("+HIGHBIT"); } // Emit +HIGHBIT if non-ascii chars present.
  1049. EndOfHeaderResults.append("\n\n"); // Emit the double newline - end of headers.
  1050. SetOutputBuffer(EndOfHeaderResults); // Setup the output string.
  1051. Mode = &FilterChainHeaderAnalysis::doInjectAnalysis; // Switch to the output injection mode.
  1052. return GetByte(); // Return the first byte from there :-)
  1053. }
  1054. void FilterChainHeaderAnalysis::SetOutputBuffer(string& s) { // Setup the OutputBuffer.
  1055. OutputBuffer = (char*) s.c_str(); OutputIndex = 0; // Capture the c_str and reset the index.
  1056. }
  1057. unsigned char FilterChainHeaderAnalysis::doInjectIPTestResult() { // Inject OutputBuffer and go to doSeekNL.
  1058. unsigned char c = OutputBuffer[OutputIndex++]; // Get the next byte in the output buffer.
  1059. if(0 == c) { // If it is the null terminator then we
  1060. Mode = &FilterChainHeaderAnalysis::doSeekNL; // go back to seeking lines and return that
  1061. return GetByte(); // byte instead.
  1062. } // If we have a normal byte then we
  1063. return c; // return it.
  1064. }
  1065. unsigned char FilterChainHeaderAnalysis::doInjectAnalysis() { // Inject OutputBuffer and go to doOff.
  1066. unsigned char c = OutputBuffer[OutputIndex++]; // Get the next byte in the output buffer.
  1067. if(0 == c) { // If it is the null terminator then we
  1068. Mode = &FilterChainHeaderAnalysis::doOff; // go back to seeking lines and return that
  1069. return GetByte(); // byte instead.
  1070. } // If we have a normal byte then we
  1071. return c; // return it.
  1072. }