Author: rjung
Date: Thu Jan 1 20:22:50 2015
New Revision: 1648934
URL: http://svn.apache.org/r1648934
Log:
BZ 56618: Status: Use percent decoding when reading
query string parameters.
For example this fixes editing IPv6 addresses
via the status worker if the client encodes
":" as "%3A".
Patch contributed by Christopher Schultz.
Modified:
tomcat/jk/trunk/native/common/jk_status.c
tomcat/jk/trunk/native/common/jk_url.c
tomcat/jk/trunk/native/common/jk_url.h
tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/jk/trunk/native/common/jk_status.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_status.c?rev=1648934&r1=1648933&r2=1648934&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_status.c (original)
+++ tomcat/jk/trunk/native/common/jk_status.c Thu Jan 1 20:22:50 2015
@@ -35,6 +35,7 @@
#include "jk_ajp14_worker.h"
#include "jk_connect.h"
#include "jk_uri_worker_map.h"
+#include "jk_url.h"
#define HUGE_BUFFER_SIZE (8*1024)
@@ -1232,7 +1233,7 @@ static int status_parse_uri(jk_ws_servic
return JK_FALSE;
}
- /* XXX We simply mask special chars n the query string with '@' to prevent
cross site scripting */
+ /* XXX We simply mask special chars in the query string with '@' to
prevent cross site scripting */
query = p->query_string;
while ((query = strpbrk(query, JK_STATUS_ESC_CHARS)))
query[0] = '@';
@@ -1263,6 +1264,7 @@ static int status_parse_uri(jk_ws_servic
#endif
char *key = jk_pool_strdup(s->pool, param);
char *value;
+ char *tmp;
if (!key) {
jk_log(l, JK_LOG_ERROR,
"Status worker '%s' could not copy string",
@@ -1274,12 +1276,29 @@ static int status_parse_uri(jk_ws_servic
if (value) {
*value = '\0';
value++;
- /* XXX Depending on the params values, we might need to trim and
decode */
+
if (strlen(key)) {
+ /* percent decoding */
+ if (jk_unescape_url(value, value, -1, NULL, NULL, 1, NULL) !=
JK_TRUE) {
+ jk_log(l, JK_LOG_ERROR,
+ "Status worker '%s' could not decode query string "
+ "param '%s' with value '%s'",
+ w->name, key, value);
+ JK_TRACE_EXIT(l);
+ return JK_FALSE;
+ }
+
+ /* XXX We simply mask special chars in the query string with
'@'
+ * to prevent cross site scripting */
+ tmp = value;
+ while ((tmp = strpbrk(tmp, JK_STATUS_ESC_CHARS)))
+ tmp[0] = '@';
+
if (JK_IS_DEBUG_LEVEL(l))
jk_log(l, JK_LOG_DEBUG,
"Status worker '%s' adding request param '%s' with
value '%s'",
w->name, key, value);
+ /* XXX Depending on the params values, we might need to trim */
jk_map_put(m, key, value, NULL);
}
}
Modified: tomcat/jk/trunk/native/common/jk_url.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_url.c?rev=1648934&r1=1648933&r2=1648934&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_url.c (original)
+++ tomcat/jk/trunk/native/common/jk_url.c Thu Jan 1 20:22:50 2015
@@ -110,3 +110,183 @@ int jk_canonenc(const char *x, char *y,
return JK_FALSE;
}
}
+
+#if USE_CHARSET_EBCDIC
+static int convert_a2e[256] = {
+ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2D, 0x2E, 0x2F, 0x16, 0x05, 0x15, 0x0B,
0x0C, 0x0D, 0x0E, 0x0F,
+ 0x10, 0x11, 0x12, 0x13, 0x3C, 0x3D, 0x32, 0x26, 0x18, 0x19, 0x3F, 0x27,
0x1C, 0x1D, 0x1E, 0x1F,
+ 0x40, 0x5A, 0x7F, 0x7B, 0x5B, 0x6C, 0x50, 0x7D, 0x4D, 0x5D, 0x5C, 0x4E,
0x6B, 0x60, 0x4B, 0x61,
+ 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0x7A, 0x5E,
0x4C, 0x7E, 0x6E, 0x6F,
+ 0x7C, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xD1, 0xD2,
0xD3, 0xD4, 0xD5, 0xD6,
+ 0xD7, 0xD8, 0xD9, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xAD,
0xE0, 0xBD, 0x5F, 0x6D,
+ 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x91, 0x92,
0x93, 0x94, 0x95, 0x96,
+ 0x97, 0x98, 0x99, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xC0,
0x4F, 0xD0, 0xA1, 0x07,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x06, 0x17, 0x28, 0x29, 0x2A, 0x2B,
0x2C, 0x09, 0x0A, 0x1B,
+ 0x30, 0x31, 0x1A, 0x33, 0x34, 0x35, 0x36, 0x08, 0x38, 0x39, 0x3A, 0x3B,
0x04, 0x14, 0x3E, 0xFF,
+ 0x41, 0xAA, 0x4A, 0xB1, 0x9F, 0xB2, 0x6A, 0xB5, 0xBB, 0xB4, 0x9A, 0x8A,
0xB0, 0xCA, 0xAF, 0xBC,
+ 0x90, 0x8F, 0xEA, 0xFA, 0xBE, 0xA0, 0xB6, 0xB3, 0x9D, 0xDA, 0x9B, 0x8B,
0xB7, 0xB8, 0xB9, 0xAB,
+ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9E, 0x68, 0x74, 0x71, 0x72, 0x73,
0x78, 0x75, 0x76, 0x77,
+ 0xAC, 0x69, 0xED, 0xEE, 0xEB, 0xEF, 0xEC, 0xBF, 0x80, 0xFD, 0xFE, 0xFB,
0xFC, 0xBA, 0xAE, 0x59,
+ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9C, 0x48, 0x54, 0x51, 0x52, 0x53,
0x58, 0x55, 0x56, 0x57,
+ 0x8C, 0x49, 0xCD, 0xCE, 0xCB, 0xCF, 0xCC, 0xE1, 0x70, 0xDD, 0xDE, 0xDB,
0xDC, 0x8D, 0x8E, 0xDF };
+#endif /*USE_CHARSET_EBCDIC*/
+
+static char x2c(const char *what)
+{
+ register char digit;
+
+#if !USE_CHARSET_EBCDIC
+ digit =
+ ((what[0] >= 'A') ? ((what[0] & 0xdf) - 'A') + 10 : (what[0] -
'0'));
+ digit *= 16;
+ digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A') + 10 : (what[1] -
'0'));
+#else /*USE_CHARSET_EBCDIC*/
+ char xstr[5];
+ xstr[0]='0';
+ xstr[1]='x';
+ xstr[2]=what[0];
+ xstr[3]=what[1];
+ xstr[4]='\0';
+ digit = convert_a2e[0xFF & strtol(xstr, NULL, 16)];
+#endif /*USE_CHARSET_EBCDIC*/
+ return (digit);
+}
+
+#define jk_isxdigit(c) (isxdigit(((unsigned char)(c))))
+
+/**
+ * Unescapes a URL, leaving reserved characters intact.
+ * @param unescaped Optional buffer to write the encoded string, can be
+ * NULL, in which case the URL decoding does not actually take place
+ * but the result length of the decoded URL will be returned.
+ * @param url String to be unescaped
+ * @param slen The length of the original url, or -1 to decode until
+ * a terminating '\0' is seen
+ * @param forbid Optional list of forbidden characters, in addition to
+ * 0x00
+ * @param reserved Optional list of reserved characters that will be
+ * left unescaped
+ * @param plus If non zero, '+' is converted to ' ' as per
+ * application/x-www-form-urlencoded encoding
+ * @param len If set, the length of the unescaped string will be returned
+ * @return JK_TRUE on success, JK_FALSE if no characters are
+ * decoded or the string is NULL, if a bad escape sequence is
+ * found, or if a character on the forbid list is found.
+ * Implementation copied from APR 1.5.x.
+ */
+int jk_unescape_url(char *const unescaped,
+ const char *const url,
+ size_t slen,
+ const char *const forbid,
+ const char *const reserved,
+ const int plus,
+ size_t *len)
+{
+ size_t size = 1;
+ int found = 0;
+ const char *s = (const char *) url;
+ char *d = (char *) unescaped;
+ register int badesc, badpath;
+
+ if (!url) {
+ return JK_FALSE;
+ }
+
+ badesc = 0;
+ badpath = 0;
+ if (s) {
+ if (d) {
+ for (; *s && slen; ++s, d++, slen--) {
+ if (plus && *s == '+') {
+ *d = ' ';
+ found = 1;
+ }
+ else if (*s != '%') {
+ *d = *s;
+ }
+ else {
+ if (!jk_isxdigit(*(s + 1)) || !jk_isxdigit(*(s + 2))) {
+ badesc = 1;
+ *d = '%';
+ }
+ else {
+ char decoded;
+ decoded = x2c(s + 1);
+ if ((decoded == '\0')
+ || (forbid && strchr(forbid, decoded))) {
+ badpath = 1;
+ *d = decoded;
+ s += 2;
+ slen -= 2;
+ }
+ else if (reserved && strchr(reserved, decoded)) {
+ *d++ = *s++;
+ *d++ = *s++;
+ *d = *s;
+ size += 2;
+ }
+ else {
+ *d = decoded;
+ s += 2;
+ slen -= 2;
+ found = 1;
+ }
+ }
+ }
+ size++;
+ }
+ *d = '\0';
+ }
+ else {
+ for (; *s && slen; ++s, slen--) {
+ if (plus && *s == '+') {
+ found = 1;
+ }
+ else if (*s != '%') {
+ /* character unchanged */
+ }
+ else {
+ if (!jk_isxdigit(*(s + 1)) || !jk_isxdigit(*(s + 2))) {
+ badesc = 1;
+ }
+ else {
+ char decoded;
+ decoded = x2c(s + 1);
+ if ((decoded == '\0')
+ || (forbid && strchr(forbid, decoded))) {
+ badpath = 1;
+ s += 2;
+ slen -= 2;
+ }
+ else if (reserved && strchr(reserved, decoded)) {
+ s += 2;
+ slen -= 2;
+ size += 2;
+ }
+ else {
+ s += 2;
+ slen -= 2;
+ found = 1;
+ }
+ }
+ }
+ size++;
+ }
+ }
+ }
+
+ if (len) {
+ *len = size;
+ }
+ if (badesc) {
+ return JK_FALSE;
+ }
+ else if (badpath) {
+ return JK_FALSE;
+ }
+ else if (!found) {
+ return JK_TRUE;
+ }
+
+ return JK_TRUE;
+}
Modified: tomcat/jk/trunk/native/common/jk_url.h
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_url.h?rev=1648934&r1=1648933&r2=1648934&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_url.h (original)
+++ tomcat/jk/trunk/native/common/jk_url.h Thu Jan 1 20:22:50 2015
@@ -38,6 +38,34 @@ extern "C"
*/
int jk_canonenc(const char *x, char *y, int maxlen);
+/**
+ * Unescapes a URL, leaving reserved characters intact.
+ * @param escaped Optional buffer to write the encoded string, can be
+ * NULL, in which case the URL decoding does not actually take place
+ * but the result length of the decoded URL will be returned.
+ * @param url String to be unescaped
+ * @param slen The length of the original url, or -1 to decode until
+ * a terminating '\0' is seen
+ * @param forbid Optional list of forbidden characters, in addition to
+ * 0x00
+ * @param reserved Optional list of reserved characters that will be
+ * left unescaped
+ * @param plus If non zero, '+' is converted to ' ' as per
+ * application/x-www-form-urlencoded encoding
+ * @param len If set, the length of the escaped string will be returned
+ * @return JK_TRUE on success, JK_FALSE if no characters are
+ * decoded or the string is NULL, if a bad escape sequence is
+ * found, or if a character on the forbid list is found.
+ * Implementation copied from APR 1.5.x.
+ */
+int jk_unescape_url(char *const escaped,
+ const char *const url,
+ size_t slen,
+ const char *const forbid,
+ const char *const reserved,
+ const int plus,
+ size_t *len);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1648934&r1=1648933&r2=1648934&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Thu Jan 1 20:22:50 2015
@@ -147,6 +147,12 @@
timestamps are formatted according to locale settings and
reencoding them to UTF-8 would be cumbersome. (rjung)
</fix>
+ <fix>
+ <bug>56618</bug>: Status: Use percent decoding when reading
+ query string parameters. For example this fixes editing IPv6
+ addresses via the status worker if the client encodes
+ ":" as "%3A". Patch contributed by Christopher Schultz. (rjung)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
