Author: markt Date: Mon Sep 10 09:52:04 2018 New Revision: 1840445 URL: http://svn.apache.org/viewvc?rev=1840445&view=rev Log: Optimize path parameter handling, by centralizing it in jk_servlet_normalize() and removing it from map_uri_to_worker_ext()
Modified: tomcat/jk/trunk/native/common/jk_uri_worker_map.c tomcat/jk/trunk/native/common/jk_util.c
Modified: tomcat/jk/trunk/native/common/jk_uri_worker_map.c
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_uri_worker_map.c?rev=1840445&r1=1840444&r2=1840445&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_uri_worker_map.c (original)
+++ tomcat/jk/trunk/native/common/jk_uri_worker_map.c Mon Sep 10 09:52:04 2018
@@ -1139,8 +1139,8 @@ const char *map_uri_to_worker_ext(jk_uri
 }
 vhost_len += off;
 }
- /* Make the copy of the provided uri and strip
- * everything after the first ';' char.
+ /* Make the copy of the provided uri, check length
+ * and look for potentially unsafe constructs
 */
 uri_len = strlen(uri);
 remain = JK_MAX_URI_LEN - vhost_len;
@@ -1152,15 +1152,11 @@ const char *map_uri_to_worker_ext(jk_uri
 JK_TRACE_EXIT(l);
 return NULL;
 }
- if (uri[i] == ';')
- break;
- else {
- url[i + vhost_len] = uri[i];
- if (reject_unsafe && (uri[i] == '%' || uri[i] == '\\')) {
- jk_log(l, JK_LOG_INFO, "Potentially unsafe request url '%s' rejected", uri);
- JK_TRACE_EXIT(l);
- return NULL;
- }
+ url[i + vhost_len] = uri[i];
+ if (reject_unsafe && (uri[i] == '%' || uri[i] == '\\')) {
+ jk_log(l, JK_LOG_INFO, "Potentially unsafe request url '%s' rejected", uri);
+ JK_TRACE_EXIT(l);
+ return NULL;
 }
 }
 url[i + vhost_len] = '\0';
Modified: tomcat/jk/trunk/native/common/jk_util.c
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.c?rev=1840445&r1=1840444&r2=1840445&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.c (original)
+++ tomcat/jk/trunk/native/common/jk_util.c Mon Sep 10 09:52:04 2018
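Review bot: With the `;` break removed from the copy loop in the second hunk, map_uri_to_worker_ext() matches whatever the caller passes in, so the mapping is only as strict as before if every caller has already run the URI through jk_servlet_normalize(). Nothing visible in these hunks enforces or documents that precondition, and the callers are outside the diff, so it is worth confirming that each web-server plugin normalizes first; otherwise a URI carrying path parameters would be compared against the map rules in a different form than the servlet container later interprets it. I would state the contract in the comment rewritten by the first hunk, for example `* NOTE: uri must already be normalized by jk_servlet_normalize(); path parameters are not stripped here.` The function body starts and ends outside both hunks.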
@@ -2191,8 +2191,23 @@ int jk_servlet_normalize(char *path, jk_
 return JK_NORMALIZE_BAD_PATH;
 }
+ /* First pass.
+ * Remove path parameters ;foo=bar/ from any path segment
+ */
+ for (l = 1, w = 1; path[l] != '\0';) {
+ if (path[l] == ';') {
+ l++;
+ while (path[l] != '/' && path[l] != '\0') {
+ l++;
+ }
+ }
+ else
+ path[w++] = path[l++];
+ }
+ path[w] = '\0';
+
 /*
- * First pass.
+ * Second pass.
 * Collapse ///// sequences to /
 */
 for (l = 1, w = 1; path[l] != '\0';) {
@@ -2204,20 +2219,16 @@ int jk_servlet_normalize(char *path, jk_
 }
 path[w] = '\0';
- /* Second pass.
- * Remove /./ segments including those with path parameters such as
- * /.;foo=bar/
+ /* Third pass.
+ * Remove /./ segments
 * Both leading and trailing segments will be removed.
 */
 for (l = 1, w = 1; path[l] != '\0';) {
 if (path[l] == '.' &&
- (path[l + 1] == '/' || path[l + 1] == ';' || path[l + 1] == '\0') &&
+ (path[l + 1] == '/' || path[l + 1] == '\0') &&
 (l == 0 || path[l - 1] == '/')) {
 l++;
- while (path[l] != '/' && path[l] != '\0') {
- l++;
- }
- if (path[l] != '\0') {
+ if (path[l] == '/') {
 l++;
 }
 }
@@ -2226,15 +2237,14 @@ int jk_servlet_normalize(char *path, jk_
 }
 path[w] = '\0';
- /* Third pass.
- * Remove /xx/../ segments including those with path parameters such as
- * /xxx/..;foo=bar/
+ /* Fourth pass.
+ * Remove /xx/../ segments
 * Trailing segments will be removed but leading /../ segments are an error
 * condition.
 */
 for (l = 1, w = 1; path[l] != '\0';) {
 if (path[l] == '.' && path[l + 1] == '.' &&
- (path[l + 2] == '/' || path[l + 2] == ';' || path[l + 2] == '\0') &&
+ (path[l + 2] == '/' || path[l + 2] == '\0') &&
 (l == 0 || path[l - 1] == '/')) {
 // Wind w back to remove the previous segment
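Review bot: The new first pass in jk_servlet_normalize() leaves its `else` branch unbraced while the `if` beside it is braced (`else path[w++] = path[l++];`); writing it as `else { path[w++] = path[l++]; }` keeps the loop safe if a second statement is ever added under the `else`. The loop starts at index 1, so it presumably relies on the earlier check (only its tail, `return JK_NORMALIZE_BAD_PATH;`, is visible here) having established that the string is non-empty and begins with '/'; a one-line comment saying so would help. Whether `path` is already percent-decoded at this point is not visible in the hunk, and since only a literal `;` is treated as a parameter delimiter, the function's header comment should state the encoding it expects. The function starts before and continues after this hunk.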
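Review bot: After this change the `/./` and `/../` passes (the hunk at -2204 and the two that follow it) no longer recognise `.;foo=bar` or `..;foo=bar` as dot segments, so their correctness depends on the parameter-stripping pass having run first. That ordering is now a security-relevant invariant and deserves a line in the third-pass comment such as `* Relies on the first pass having removed all path parameters.`, so that a later reorder or early exit does not silently let unnormalized dot segments through. Separately, `(l == 0 || path[l - 1] == '/')` can never see `l == 0` because both loops start at `l = 1`; dropping the dead test would make the guard easier to audit. A regression test covering parameters on `.`, `..` and the final segment would pin the behaviour; none is part of this commit as shown.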
@@ -2252,10 +2262,7 @@ int jk_servlet_normalize(char *path, jk_
 // Move l forward to the next segment
 l += 2;
- while (path[l] != '/' && path [l] != '\0') {
- l++;
- }
- if (path[l] != '\0') {
+ if (path[l] == '/') {
 l++;
 }
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org