Posted to dev@tomcat.apache.org by la...@apache.org on 2001/05/16 22:49:36 UTC

cvs commit: jakarta-tomcat/src/native/mod_jk/common jk_uri_worker_map.c

larryi      01/05/16 13:49:35

  Modified:    src/native/mod_jk/common jk_uri_worker_map.c
  Log:
  Fix bug in check_security_fraud() and add ".suffix " to the ".suffix." and
  ".suffix/" endings already being checked.
  
  Minor updates to log output.
  
  Revision  Changes    Path
  1.5       +8 -7      jakarta-tomcat/src/native/mod_jk/common/jk_uri_worker_map.c
  
  Index: jk_uri_worker_map.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/native/mod_jk/common/jk_uri_worker_map.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- jk_uri_worker_map.c	2001/04/23 11:20:24	1.4
  +++ jk_uri_worker_map.c	2001/05/16 20:49:25	1.5
  @@ -65,7 +65,7 @@
    * servlet container.                                                      *
    *                                                                         *
    * Author:      Gal Shachor <sh...@il.ibm.com>                           *
  - * Version:     $Revision: 1.4 $                                               *
  + * Version:     $Revision: 1.5 $                                               *
    ***************************************************************************/
   
   #include "jk_pool.h"
  @@ -111,7 +111,8 @@
    * fumble and return the jsp content. 
    *
    * To solve that we will check for path info following the suffix, we 
  - * will also check that the end of the uri is not .suffix.
  + * will also check that the end of the uri is not ".suffix.",
  + * ".suffix/", or ".suffix ".
    */
   static int check_security_fraud(jk_uri_worker_map_t *uw_map, 
                                   const char *uri, 
  @@ -129,9 +130,9 @@
                   if('.' != *(suffix_start - 1)) {
                       continue;
                   } else {
  -                    char *after_suffix = suffix_start + strlen(uw_map->maps[i].suffix) + 1;
  +                    char *after_suffix = suffix_start + strlen(uw_map->maps[i].suffix);
                   
  -                    if((('.' == *after_suffix) || ('/' == *after_suffix)) && 
  +                    if((('.' == *after_suffix) || ('/' == *after_suffix) || (' ' == *after_suffix)) &&
                          (0 == strncmp(uw_map->maps[i].context, uri, uw_map->maps[i].ctxt_len))) {
                           /* 
                            * Security violation !!!
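Review bot: The test on `*after_suffix` is a denylist of three bytes ('.', '/', ' '), so it only covers trailing characters that have already been thought of, and it depends on `uri` being fully unescaped and normalised by the time it gets here. If it is acceptable to forward every request whose path continues past a mapped suffix to the worker, changing the first condition to `if(('\0' != *after_suffix) &&` fails closed; otherwise add a comment above the test stating the normalisation that callers must guarantee. Separately, `after_suffix` should be declared `const char *` because it points into the `const char *uri` argument. Also, `*(suffix_start - 1)` would read one byte before the buffer if the suffix can match at offset 0; `suffix_start` is assigned outside this hunk, so that needs confirming against the full loop body.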
  @@ -356,7 +357,7 @@
               uri = clean_uri;
           }
   
  -		jk_log(l, JK_LOG_DEBUG, "Attempting to map URI %s\n", uri);
  +		jk_log(l, JK_LOG_DEBUG, "Attempting to map URI '%s'\n", uri);
           for(i = 0 ; i < uw_map->size ; i++) {
   
               if(uw_map->maps[i].ctxt_len < longest_match) {
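Review bot: `uri` comes from the request and is written to the log with a bare `%s`, both here and in the `JK_LOG_EMERG` "security fraud" message in the last hunk. The added quotes make a trailing space visible, but they do not stop embedded CR/LF or other control bytes from splitting or forging log lines, if `clean_uri` can still contain them (its construction is outside the hunk). Consider escaping non-printable bytes before the value reaches `jk_log`, or at minimum add a comment such as `/* uri is untrusted and may contain control characters */` above both calls so log consumers are not assumed safe. The changed `jk_log` line is also tab-indented while the surrounding lines use spaces.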
  @@ -370,7 +371,7 @@
                       if(strlen(uri) == uw_map->maps[i].ctxt_len) {
   			jk_log(l,
   			       JK_LOG_DEBUG,
  -			       "jk_uri_worker_map_t::map_uri_to_worker, Found an exact match %s ->%s\n",
  +			       "jk_uri_worker_map_t::map_uri_to_worker, Found an exact match %s -> %s\n",
   			       uw_map->maps[i].worker_name,
   			       uw_map->maps[i].context );
                           return uw_map->maps[i].worker_name;
  @@ -431,7 +432,7 @@
   
               if(fraud >= 0) {
                   jk_log(l, JK_LOG_EMERG, 
  -                       "In jk_uri_worker_map_t::map_uri_to_worker, found a security fraud in [%s]\n",
  +                       "In jk_uri_worker_map_t::map_uri_to_worker, found a security fraud in '%s'\n",
                          uri);    
                   return uw_map->maps[fraud].worker_name;
               }