Author: markt
Date: Mon Sep 10 09:52:04 2018
New Revision: 1840445
URL: http://svn.apache.org/viewvc?rev=1840445&view=rev
Log:
Optimize path parameter handling, by centralizing it in jk_servlet_normalize()
and removing it from map_uri_to_worker_ext()
Modified:
tomcat/jk/trunk/native/common/jk_uri_worker_map.c
tomcat/jk/trunk/native/common/jk_util.c
Modified: tomcat/jk/trunk/native/common/jk_uri_worker_map.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_uri_worker_map.c?rev=1840445&r1=1840444&r2=1840445&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_uri_worker_map.c (original)
+++ tomcat/jk/trunk/native/common/jk_uri_worker_map.c Mon Sep 10 09:52:04 2018
@@ -1139,8 +1139,8 @@ const char *map_uri_to_worker_ext(jk_uri
}
vhost_len += off;
}
- /* Make the copy of the provided uri and strip
- * everything after the first ';' char.
+ /* Make the copy of the provided uri, check length
+ * and look for potentially unsafe constructs
*/
uri_len = strlen(uri);
remain = JK_MAX_URI_LEN - vhost_len;
@@ -1152,15 +1152,11 @@ const char *map_uri_to_worker_ext(jk_uri
JK_TRACE_EXIT(l);
return NULL;
}
- if (uri[i] == ';')
- break;
- else {
- url[i + vhost_len] = uri[i];
- if (reject_unsafe && (uri[i] == '%' || uri[i] == '\\')) {
- jk_log(l, JK_LOG_INFO, "Potentially unsafe request url '%s'
rejected", uri);
- JK_TRACE_EXIT(l);
- return NULL;
- }
+ url[i + vhost_len] = uri[i];
+ if (reject_unsafe && (uri[i] == '%' || uri[i] == '\\')) {
+ jk_log(l, JK_LOG_INFO, "Potentially unsafe request url '%s'
rejected", uri);
+ JK_TRACE_EXIT(l);
+ return NULL;
}
}
url[i + vhost_len] = '\0';
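Review bot: With the `;` branch removed from the copy loop, map_uri_to_worker_ext() now matches everything after a semicolon as part of the URI, so correct mapping depends on each caller having run jk_servlet_normalize() first, and nothing in the visible lines states that precondition. The callers are outside this diff, so whether all of them normalize before mapping needs to be confirmed; one that does not could match a URI against the mount rules differently from how the backend later interprets it. The reworded comment in the previous hunk ("check length and look for potentially unsafe constructs") would be the natural place to record this, e.g. `/* uri must already have been through jk_servlet_normalize(); path parameters are no longer stripped here */`. The function body starts and ends outside the hunk.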
Modified: tomcat/jk/trunk/native/common/jk_util.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.c?rev=1840445&r1=1840444&r2=1840445&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.c (original)
+++ tomcat/jk/trunk/native/common/jk_util.c Mon Sep 10 09:52:04 2018
@@ -2191,8 +2191,23 @@ int jk_servlet_normalize(char *path, jk_
return JK_NORMALIZE_BAD_PATH;
}
+ /* First pass.
+ * Remove path parameters ;foo=bar/ from any path segment
+ */
+ for (l = 1, w = 1; path[l] != '\0';) {
+ if (path[l] == ';') {
+ l++;
+ while (path[l] != '/' && path[l] != '\0') {
+ l++;
+ }
+ }
+ else
+ path[w++] = path[l++];
+ }
+ path[w] = '\0';
+
/*
- * First pass.
+ * Second pass.
* Collapse ///// sequences to /
*/
for (l = 1, w = 1; path[l] != '\0';) {
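Review bot: The new first-pass comment says it removes `;foo=bar/`, but the loop stops at the `/` and keeps it, so `/a;x/b` becomes `/a/b` and a parameter-only segment such as `/a/;x/b` leaves `/a//b` for the collapse pass to clean up. That ordering is what allows the `;` tests to be dropped from the `/./` and `/../` checks in the following hunks, so the comment should state it: `/* First pass. Strip path parameters: ';' up to, but not including, the next '/' or the end. Must run before the other passes, which no longer recognise ';'. */`. As a style point, the `else` arm is unbraced while the `if` arm is braced; `else { path[w++] = path[l++]; }` would match. jk_servlet_normalize() begins before and continues after this hunk.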
@@ -2204,20 +2219,16 @@ int jk_servlet_normalize(char *path, jk_
}
path[w] = '\0';
- /* Second pass.
- * Remove /./ segments including those with path parameters such as
- * /.;foo=bar/
+ /* Third pass.
+ * Remove /./ segments
* Both leading and trailing segments will be removed.
*/
for (l = 1, w = 1; path[l] != '\0';) {
if (path[l] == '.' &&
- (path[l + 1] == '/' || path[l + 1] == ';' || path[l + 1] ==
'\0') &&
+ (path[l + 1] == '/' || path[l + 1] == '\0') &&
(l == 0 || path[l - 1] == '/')) {
l++;
- while (path[l] != '/' && path[l] != '\0') {
- l++;
- }
- if (path[l] != '\0') {
+ if (path[l] == '/') {
l++;
}
}
@@ -2226,15 +2237,14 @@ int jk_servlet_normalize(char *path, jk_
}
path[w] = '\0';
- /* Third pass.
- * Remove /xx/../ segments including those with path parameters such as
- * /xxx/..;foo=bar/
+ /* Fourth pass.
+ * Remove /xx/../ segments
* Trailing segments will be removed but leading /../ segments are an error
* condition.
*/
for (l = 1, w = 1; path[l] != '\0';) {
if (path[l] == '.' && path[l + 1] == '.' &&
- (path[l + 2] == '/' || path[l + 2] == ';' || path[l + 2] ==
'\0') &&
+ (path[l + 2] == '/' || path[l + 2] == '\0') &&
(l == 0 || path[l - 1] == '/')) {
// Wind w back to remove the previous segment
@@ -2252,10 +2262,7 @@ int jk_servlet_normalize(char *path, jk_
// Move l forward to the next segment
l += 2;
- while (path[l] != '/' && path [l] != '\0') {
- l++;
- }
- if (path[l] != '\0') {
+ if (path[l] == '/') {
l++;
}
}