Posted to dev@tomcat.apache.org by la...@apache.org on 2001/05/16 22:54:44 UTC
cvs commit: jakarta-tomcat/src/native/jk jk_uri_worker_map.c
larryi 01/05/16 13:54:43
Modified: src/native/jk Tag: tomcat_32 jk_uri_worker_map.c
Log:
Fix bug in check_security_fraud() and add ".suffix " to the ".suffix." and
".suffix/" cases already being checked.
Revision Changes Path
No revision
No revision
1.3.2.1 +5 -4 jakarta-tomcat/src/native/jk/Attic/jk_uri_worker_map.c
Index: jk_uri_worker_map.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/native/jk/Attic/jk_uri_worker_map.c,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -r1.3 -r1.3.2.1
--- jk_uri_worker_map.c 2000/05/29 12:53:24 1.3
+++ jk_uri_worker_map.c 2001/05/16 20:54:37 1.3.2.1
@@ -65,7 +65,7 @@
* servlet container. *
* *
* Author: Gal Shachor <sh...@il.ibm.com> *
- * Version: $Revision: 1.3 $ *
+ * Version: $Revision: 1.3.2.1 $ *
***************************************************************************/
#include "jk_pool.h"
@@ -111,7 +111,8 @@
* fumble and return the jsp content.
*
* To solve that we will check for path info following the suffix, we
- * will also check that the end of the uri is not .suffix.
+ * will also check that the end of the uri is not ".suffix.",
+ * ".suffix/", or ".suffix ".
*/
static int check_security_fraud(jk_uri_worker_map_t *uw_map,
const char *uri,
@@ -129,9 +130,9 @@
if('.' != *(suffix_start - 1)) {
continue;
} else {
- char *after_suffix = suffix_start + strlen(uw_map->maps[i].suffix) + 1;
+ char *after_suffix = suffix_start + strlen(uw_map->maps[i].suffix);
- if((('.' == *after_suffix) || ('/' == *after_suffix)) &&
+ if((('.' == *after_suffix) || ('/' == *after_suffix) || (' ' == *after_suffix)) &&
(0 == strncmp(uw_map->maps[i].context, uri, uw_map->maps[i].ctxt_len))) {
/*
* Security violation !!!
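Review bot: The corrected condition on the `if` line still enumerates the characters allowed to follow the suffix (`.`, `/`, and now a space), so every further trailing character that a front-end server treats specially would need another edit here. The comment changed in the earlier hunk states the intent as catching any path info following the suffix, which the code can express directly as `if (('\0' != *after_suffix) &&` on that line, keeping the `strncmp` on the context unchanged. Whether a legitimate trailer such as a query string can reach this function with the suffix not at the end of `uri` is not visible in the hunk; if it can, that case has to be separated before the check rather than added to the list. On the context line `if('.' != *(suffix_start - 1))`, the read lands one byte before the start of `uri` whenever the suffix match sits at offset 0; how `suffix_start` is computed is outside the hunk, so confirm a `suffix_start > uri` guard exists there. The enclosing loop in check_security_fraud starts before this hunk and the function continues past it.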