Quote HTML entities in s_server output

Reviewed-by: N Richard Levitte <levitte@openssl.org>

Quote HTML entities in s_server output
Reviewed-by: N Richard Levitte <levitte@openssl.org>
f92beb98 · Rich Salz · c6724060 · f92beb98
显示空白变更内容
内联并排

Showing with 16 addition and 1 deletion

apps/s_server.c apps/s_server.c +16 -1

未找到文件。
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2723,7 +2723,22 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 /*                      BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
            BIO_puts(io, "\n");
            for (i = 0; i < local_argc; i++) {
-                BIO_puts(io, local_argv[i]);
+                const char *myp;
+                for (myp = local_argv[i]; *myp; myp++)
+                    switch (*myp) {
+                    case '<':
+                        BIO_puts(io, "&lt;");
+                        break;
+                    case '>':
+                        BIO_puts(io, "&gt;");
+                        break;
+                    case '&':
+                        BIO_puts(io, "&amp;");
+                        break;
+                    default:
+                        BIO_write(io, myp, 1);
+                        break;
+                    }
                BIO_write(io, " ", 1);
            }
            BIO_puts(io, "\n");