You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by la...@apache.org on 2001/09/27 00:30:10 UTC

cvs commit: jakarta-tomcat/src/native/mod_jk/common jk_uri_worker_map.c

larryi      01/09/26 15:30:10

  Modified:    src/native/mod_jk/common jk_uri_worker_map.c
  Log:
  Patch for buffer overflow problem.
  
  Submitted by: Bill Barker
  
  Revision  Changes    Path
  1.6       +7 -5      jakarta-tomcat/src/native/mod_jk/common/jk_uri_worker_map.c
  
  Index: jk_uri_worker_map.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/native/mod_jk/common/jk_uri_worker_map.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- jk_uri_worker_map.c	2001/05/16 20:49:25	1.5
  +++ jk_uri_worker_map.c	2001/09/26 22:30:09	1.6
  @@ -65,7 +65,7 @@
    * servlet container.                                                      *
    *                                                                         *
    * Author:      Gal Shachor <sh...@il.ibm.com>                           *
  - * Version:     $Revision: 1.5 $                                               *
  + * Version:     $Revision: 1.6 $                                               *
    ***************************************************************************/
   
   #include "jk_pool.h"
  @@ -347,11 +347,11 @@
           unsigned i;
           unsigned best_match = -1;
           unsigned longest_match = 0;
  -        char clean_uri[4096];
  +        char *clean_uri=NULL;
           char *url_rewrite = strstr(uri, JK_PATH_SESSION_IDENTIFIER);
           
           if(url_rewrite) {
  -            strcpy(clean_uri, uri);
  +	    clean_uri = strdup(uri);
               url_rewrite = strstr(clean_uri, JK_PATH_SESSION_IDENTIFIER);
               *url_rewrite = '\0';
               uri = clean_uri;
  @@ -374,6 +374,7 @@
   			       "jk_uri_worker_map_t::map_uri_to_worker, Found an exact match %s -> %s\n",
   			       uw_map->maps[i].worker_name,
   			       uw_map->maps[i].context );
  +			free(clean_uri);
                           return uw_map->maps[i].worker_name;
                       }
                   } else if(MATCH_TYPE_CONTEXT == uw_map->maps[i].match_type) {
  @@ -418,6 +419,7 @@
           }
   
           if(-1 != best_match) {
  +	    free(clean_uri);
               return uw_map->maps[best_match].worker_name;
           } else {
               /*
  @@ -433,7 +435,8 @@
               if(fraud >= 0) {
                   jk_log(l, JK_LOG_EMERG, 
                          "In jk_uri_worker_map_t::map_uri_to_worker, found a security fraud in '%s'\n",
  -                       uri);    
  +                       uri);
  +		free(clean_uri);
                   return uw_map->maps[fraud].worker_name;
               }
          }        
  @@ -441,7 +444,6 @@
           jk_log(l, JK_LOG_ERROR, 
                  "In jk_uri_worker_map_t::map_uri_to_worker, wrong parameters\n");    
       }
  -
       jk_log(l, JK_LOG_DEBUG, 
              "jk_uri_worker_map_t::map_uri_to_worker, done without a match\n");