[663] in linux-security and linux-alert archive
Re: [linux-security] good character, bad character
daemon@ATHENA.MIT.EDU (Igor Chudov @ home)
Fri Apr 5 15:09:41 1996
To: hobbit@avian.org (*Hobbit*)
Date: Fri, 5 Apr 1996 07:02:31 -0600 (CST)
Cc: best-of-security@suburbia.net, linux-security@tarsier.cv.nrao.edu
Reply-To: ichudov@algebra.com (Igor Chudov)
In-Reply-To: <199604050008.TAA06467@narq.avian.org> from "*Hobbit*" at Apr 4, 96 07:08:24 pm
From: ichudov@algebra.com (Igor Chudov @ home)
[Mod: I'm forwarding this mainly because it takes a step toward bridging
the gap between Wietse's and Hobbit's approaches. --Jeff.]
*Hobbit* wrote:
>
> However, when one is trying to speed-tweak something like a high-volume
> web server that will be reading, checking, and massaging many lines of user
> input per second, the gnarly table approach might have its advantages.
> Whatever. The people writing web servers clearly aren't reading this list
> anyways, so what's the difference.
>
Reading all this interesting discussion, a thought occurred that there
is a way to make you both right. I think that the method below (possibly
implemented in a separate C file) may be widely used.
#define MAX_CHAR 256
char * create_char_table( const char * good_chars )
{
char * result = (char *) malloc( MAX_CHAR );
int i;
if( result == NULL ) return 0; /* Malloc failed */
for( i=0; i < MAX_CHAR; i++ ) result[i] = 0; /* by default all are bad */
while( *good_chars ) result[*(good_chars++)] = 1; /* set all good chars */
return result;
}
#define GOOD_CHAR( c, table ) ((table)[c])
Usage:
... when initializing everything:
char * good_characters = init_char_table( "abcdefghijklmopqrstuvwxyz"
"ABCDEFGHIJKLMOPQRSTUVWXYZ"
"0123456789+-,." );
and when the work is done:
if( !GOOD_CHAR( some_string[i], good_characters ) ) some_string[i] = '_';
Your opinion? This is how I do filtering for incoming commands
to the robomoderator program that I wrote. Works fast and is
still readable.
- Igor.
