You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Tim Whittington <Ti...@orionhealth.com> on 2007/02/26 02:33:12 UTC
Re: svn commit: r511227 - in /tomcat/connectors/trunk/jk:
native/apache-1.3/mod_jk.c native/apache-2
Mladen
Why was this changed to use malloc over _alloca here?
Regardless of that, it looks like there are two (potential) bugs introduced in this patch:
- There's no sizeof(char) in the mallo for status_str and headers_str
- status_str isn't initialised, so the check to free it will probably fire all the time and do nasty things if it's not allocated (we don't check malloc returns anyway, so it'll probably die before then when we write into the buffer).
Do you want me to BZ this?
tim
Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=511227&r1=511226&r2=511227
==============================================================================
--- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Fri Feb 23 22:50:05 2007
@@ -528,13 +528,14 @@
return JK_FALSE;
}
- if (s && s->ws_private) {
+ if (s && s->ws_private) {
+ int rv = JK_TRUE;
isapi_private_data_t *p = s->ws_private;
if (!p->request_started) {
- size_t len_of_status;
+ HSE_SEND_HEADER_EX_INFO hi;
char *status_str;
- char *headers_str;
-
+ char *headers_str = NULL;
+ BOOL keep_alive = FALSE;
p->request_started = JK_TRUE;
/*
@@ -543,9 +544,10 @@
if (!reason) {
reason = status_reason(status);
}
- status_str = (char *)_alloca((6 + strlen(reason)) * sizeof(char));
+ status_str = (char *)malloc((6 + strlen(reason)));
sprintf(status_str, "%d %s", status, reason);
- len_of_status = strlen(status_str);
+ hi.pszStatus = status_str;
+ hi.cchStatus = strlen(status_str);
/*
* Create response headers string
@@ -555,11 +557,11 @@
for (i = 0, len_of_headers = 0; i < num_of_headers; i++) {
len_of_headers += strlen(header_names[i]);
len_of_headers += strlen(header_values[i]);
- len_of_headers += 4; /* extra for colon, space and crlf */
+ len_of_headers += 4; /* extra for colon, space and crlf */
}
- len_of_headers += 3; /* crlf and terminating null char */
- headers_str = (char *)_alloca(len_of_headers * sizeof(char));
+ len_of_headers += 3; /* crlf and terminating null char */
+ headers_str = (char *)malloc(len_of_headers);
headers_str[0] = '\0';
for (i = 0; i < num_of_headers; i++) {
@@ -569,25 +571,29 @@
strcat(headers_str, crlf);
}
strcat(headers_str, crlf);
+ hi.pszHeader = headers_str;
+ hi.cchHeader = strlen(headers_str);
}
else {
- headers_str = crlf;
+ hi.pszHeader = crlf;
+ hi.cchHeader = 2;
}
-
+ hi.fKeepConn = keep_alive;
if (!p->lpEcb->ServerSupportFunction(p->lpEcb->ConnID,
- HSE_REQ_SEND_RESPONSE_HEADER,
- status_str,
- (LPDWORD) &len_of_status,
- (LPDWORD) headers_str)) {
+ HSE_REQ_SEND_RESPONSE_HEADER_EX,
+ &hi,
+ NULL, NULL)) {
jk_log(logger, JK_LOG_ERROR,
- "HSE_REQ_SEND_RESPONSE_HEADER failed");
- JK_TRACE_EXIT(logger);
- return JK_FALSE;
+ "HSE_REQ_SEND_RESPONSE_HEADER_EX failed");
+ rv = JK_FALSE;
}
+ if (headers_str)
+ free(headers_str);
+ if (status_str)
+ free(status_str);
}
JK_TRACE_EXIT(logger);
- return JK_TRUE;
-
+ return rv;
}
JK_LOG_NULL_PARAMS(logger);
Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=511227&r1=511226&r2=511227
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Feb 23 22:50:05 2007
@@ -27,6 +27,11 @@
<subsection name="Native">
<changelog>
<add>
+ <bug>41439</bug>: Allow session IDs to get stripped off URLs of static
+ content in Apache by adding JkStripSession
+ directive (configurable per vhost). (mturk)
+ </add>
+ <add>
Change semantics of empty defaults for JkEnvVar variables.
Until 1.2.19: not allowed. In 1.2.20: send variables as empty strings, if
neither set to non empty in config, nor during runtime.
Modified: tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/reference/apache.xml?view=diff&rev=511227&r1=511226&r2=511227
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/reference/apache.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/reference/apache.xml Fri Feb 23 22:50:05 2007
@@ -220,7 +220,15 @@
Not sending variables with empty defaults and empty runtime value
has been introduced in version 1.2.21.
</p></attribute>
-
+<attribute name="JkStripSession" required="false"><p>
+If this directive is set to On in some virtual server,
+the session IDs <code>;jsessionid=...</code> will be
+removed for non matched URLs.
+<br/>
+This directive is only allowed inside VirtualHost.
+<br/>
+The default is Off.
+</p></attribute>
</attributes>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r511227 - in /tomcat/connectors/trunk/jk:
native/apache-1.3/mod_jk.c native/apache-2
Posted by Jean-Frederic <jf...@gmail.com>.
On Mon, 2007-02-26 at 16:07 +1300, Tim Whittington wrote:
> Never mind the second issue - one should read the docs more carefully. Apologies for the noise.
> The missing sizeof makes me nervous still.
sizeof(char) is one and there is a sprintf()...
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r511227 - in /tomcat/connectors/trunk/jk:
native/apache-1.3/mod_jk.c native/apache-2
Posted by Tim Whittington <Ti...@orionhealth.com>.
Never mind the second issue - one should read the docs more carefully. Apologies for the noise.
The missing sizeof makes me nervous still.
tim
>>> On 26/02/2007 at 2:33 p.m., in message <45...@orionhealth.com>, "Tim Whittington" <Ti...@orionhealth.com> wrote:
Mladen
Why was this changed to use malloc over _alloca here?
Regardless of that, it looks like there are two (potential) bugs introduced in this patch:
- There's no sizeof(char) in the mallo for status_str and headers_str
- status_str isn't initialised, so the check to free it will probably fire all the time and do nasty things if it's not allocated (we don't check malloc returns anyway, so it'll probably die before then when we write into the buffer).
Do you want me to BZ this?
tim
Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=511227&r1=511226&r2=511227
==============================================================================
--- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Fri Feb 23 22:50:05 2007
@@ -528,13 +528,14 @@
return JK_FALSE;
}
- if (s && s->ws_private) {
+ if (s && s->ws_private) {
+ int rv = JK_TRUE;
isapi_private_data_t *p = s->ws_private;
if (!p->request_started) {
- size_t len_of_status;
+ HSE_SEND_HEADER_EX_INFO hi;
char *status_str;
- char *headers_str;
-
+ char *headers_str = NULL;
+ BOOL keep_alive = FALSE;
p->request_started = JK_TRUE;
/*
@@ -543,9 +544,10 @@
if (!reason) {
reason = status_reason(status);
}
- status_str = (char *)_alloca((6 + strlen(reason)) * sizeof(char));
+ status_str = (char *)malloc((6 + strlen(reason)));
sprintf(status_str, "%d %s", status, reason);
- len_of_status = strlen(status_str);
+ hi.pszStatus = status_str;
+ hi.cchStatus = strlen(status_str);
/*
* Create response headers string
@@ -555,11 +557,11 @@
for (i = 0, len_of_headers = 0; i < num_of_headers; i++) {
len_of_headers += strlen(header_names[i]);
len_of_headers += strlen(header_values[i]);
- len_of_headers += 4; /* extra for colon, space and crlf */
+ len_of_headers += 4; /* extra for colon, space and crlf */
}
- len_of_headers += 3; /* crlf and terminating null char */
- headers_str = (char *)_alloca(len_of_headers * sizeof(char));
+ len_of_headers += 3; /* crlf and terminating null char */
+ headers_str = (char *)malloc(len_of_headers);
headers_str[0] = '\0';
for (i = 0; i < num_of_headers; i++) {
@@ -569,25 +571,29 @@
strcat(headers_str, crlf);
}
strcat(headers_str, crlf);
+ hi.pszHeader = headers_str;
+ hi.cchHeader = strlen(headers_str);
}
else {
- headers_str = crlf;
+ hi.pszHeader = crlf;
+ hi.cchHeader = 2;
}
-
+ hi.fKeepConn = keep_alive;
if (!p->lpEcb->ServerSupportFunction(p->lpEcb->ConnID,
- HSE_REQ_SEND_RESPONSE_HEADER,
- status_str,
- (LPDWORD) &len_of_status,
- (LPDWORD) headers_str)) {
+ HSE_REQ_SEND_RESPONSE_HEADER_EX,
+ &hi,
+ NULL, NULL)) {
jk_log(logger, JK_LOG_ERROR,
- "HSE_REQ_SEND_RESPONSE_HEADER failed");
- JK_TRACE_EXIT(logger);
- return JK_FALSE;
+ "HSE_REQ_SEND_RESPONSE_HEADER_EX failed");
+ rv = JK_FALSE;
}
+ if (headers_str)
+ free(headers_str);
+ if (status_str)
+ free(status_str);
}
JK_TRACE_EXIT(logger);
- return JK_TRUE;
-
+ return rv;
}
JK_LOG_NULL_PARAMS(logger);
Modified: tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml?view=diff&rev=511227&r1=511226&r2=511227
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/miscellaneous/changelog.xml Fri Feb 23 22:50:05 2007
@@ -27,6 +27,11 @@
<subsection name="Native">
<changelog>
<add>
+ <bug>41439</bug>: Allow session IDs to get stripped off URLs of static
+ content in Apache by adding JkStripSession
+ directive (configurable per vhost). (mturk)
+ </add>
+ <add>
Change semantics of empty defaults for JkEnvVar variables.
Until 1.2.19: not allowed. In 1.2.20: send variables as empty strings, if
neither set to non empty in config, nor during runtime.
Modified: tomcat/connectors/trunk/jk/xdocs/reference/apache.xml
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/reference/apache.xml?view=diff&rev=511227&r1=511226&r2=511227
==============================================================================
--- tomcat/connectors/trunk/jk/xdocs/reference/apache.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/reference/apache.xml Fri Feb 23 22:50:05 2007
@@ -220,7 +220,15 @@
Not sending variables with empty defaults and empty runtime value
has been introduced in version 1.2.21.
</p></attribute>
-
+<attribute name="JkStripSession" required="false"><p>
+If this directive is set to On in some virtual server,
+the session IDs <code>;jsessionid=...</code> will be
+removed for non matched URLs.
+<br/>
+This directive is only allowed inside VirtualHost.
+<br/>
+The default is Off.
+</p></attribute>
</attributes>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________