Author: markt
Date: Mon Sep 10 09:52:04 2018
New Revision: 1840445

URL: http://svn.apache.org/viewvc?rev=1840445&view=rev
Log:
Optimize path parameter handling, by centralizing it in jk_servlet_normalize() 
and removing it from map_uri_to_worker_ext()

Modified:
    tomcat/jk/trunk/native/common/jk_uri_worker_map.c
    tomcat/jk/trunk/native/common/jk_util.c

Modified: tomcat/jk/trunk/native/common/jk_uri_worker_map.c
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_uri_worker_map.c?rev=1840445&r1=1840444&r2=1840445&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_uri_worker_map.c (original)
+++ tomcat/jk/trunk/native/common/jk_uri_worker_map.c Mon Sep 10 09:52:04 2018
@@ -1139,8 +1139,8 @@ const char *map_uri_to_worker_ext(jk_uri
         }
         vhost_len += off;
     }
-    /* Make the copy of the provided uri and strip
-     * everything after the first ';' char.
+    /* Make the copy of the provided uri, check length
+     * and look for potentially unsafe constructs
      */
     uri_len = strlen(uri);
     remain = JK_MAX_URI_LEN - vhost_len;
@@ -1152,15 +1152,11 @@ const char *map_uri_to_worker_ext(jk_uri
             JK_TRACE_EXIT(l);
             return NULL;
         }
-        if (uri[i] == ';')
-            break;
-        else {
-            url[i + vhost_len] = uri[i];
-            if (reject_unsafe && (uri[i] == '%' || uri[i] == '\\')) {
-                jk_log(l, JK_LOG_INFO, "Potentially unsafe request url '%s' 
rejected", uri);
-                JK_TRACE_EXIT(l);
-                return NULL;
-            }
+        url[i + vhost_len] = uri[i];
+        if (reject_unsafe && (uri[i] == '%' || uri[i] == '\\')) {
+            jk_log(l, JK_LOG_INFO, "Potentially unsafe request url '%s' 
rejected", uri);
+            JK_TRACE_EXIT(l);
+            return NULL;
         }
     }
     url[i + vhost_len] = '\0';
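Review bot: With the `if (uri[i] == ';') break;` branch removed, the copy loop now carries path parameters into `url`, so the worker match is only correct if every caller has already run the URI through jk_servlet_normalize(). The callers are not visible in this hunk, so that precondition should be stated where the copy is made, for example `/* uri must already be normalized by jk_servlet_normalize(); path parameters are no longer stripped here */`. Without it, a later caller that passes a raw URI could have mount or exclusion rules evaluated against a different path than the one the backend resolves. It is also worth confirming that each front end (the Apache httpd, IIS and any other plugin entry points) normalizes before calling. The body of map_uri_to_worker_ext starts and ends outside the hunk.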

Modified: tomcat/jk/trunk/native/common/jk_util.c
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.c?rev=1840445&r1=1840444&r2=1840445&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.c (original)
+++ tomcat/jk/trunk/native/common/jk_util.c Mon Sep 10 09:52:04 2018
@@ -2191,8 +2191,23 @@ int jk_servlet_normalize(char *path, jk_
         return JK_NORMALIZE_BAD_PATH;
     }
 
+    /* First pass.
+     * Remove path parameters ;foo=bar/ from any path segment
+     */
+    for (l = 1, w = 1; path[l] != '\0';) {
+        if (path[l] == ';') {
+            l++;
+            while (path[l] != '/' && path[l] != '\0') {
+                l++;
+            }
+        }
+        else
+            path[w++] = path[l++];
+    }
+    path[w] = '\0';
+
     /*
-     * First pass.
+     * Second pass.
      * Collapse ///// sequences to /
      */
     for (l = 1, w = 1; path[l] != '\0';) {
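Review bot: The new first pass has to stay ahead of the other passes, but its comment does not say why. Removing `;foo=bar` can leave an empty segment or a bare `.` or `..` segment behind (for instance a segment that consisted only of a parameter, or `..;x`), and only the later passes collapse or reject those. Suggest extending the comment with `* Must run before the other passes: stripping parameters can expose //, /./ and /../ sequences.` so a future reorder does not reopen a normalization gap. The `else` arm is also unbraced while its `if` is braced; `else { path[w++] = path[l++]; }` would match. Note that the path is rewritten in place, so any caller that needs the parameters must read them before this call. The function body starts and ends outside the hunk.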
@@ -2204,20 +2219,16 @@ int jk_servlet_normalize(char *path, jk_
     }
     path[w] = '\0';
 
-    /* Second pass.
-     * Remove /./ segments including those with path parameters such as
-     * /.;foo=bar/
+    /* Third pass.
+     * Remove /./ segments
      * Both leading and trailing segments will be removed.
      */
     for (l = 1, w = 1; path[l] != '\0';) {
         if (path[l] == '.' &&
-                (path[l + 1] == '/' || path[l + 1] == ';' || path[l + 1] == 
'\0') &&
+                (path[l + 1] == '/' || path[l + 1] == '\0') &&
                 (l == 0 || path[l - 1] == '/')) {
             l++;
-            while (path[l] != '/' && path[l] != '\0') {
-                l++;
-            }
-            if (path[l] != '\0') {
+            if (path[l] == '/') {
                 l++;
             }
         }
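Review bot: The guard `(l == 0 || path[l - 1] == '/')` kept in this pass has an `l == 0` arm that looks unreachable. The loop starts at `l = 1` and the visible code only ever advances `l`, so the condition can be reduced to `path[l - 1] == '/'`. The same applies to the identical guard in the fourth-pass hunk below. Dropping the dead arm makes it clearer that `path[l - 1]` is always a valid index here. The loop body continues outside this hunk, so confirm nothing there winds `l` back.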
@@ -2226,15 +2237,14 @@ int jk_servlet_normalize(char *path, jk_
     }
     path[w] = '\0';
 
-    /* Third pass.
-     * Remove /xx/../ segments including those with path parameters such as
-     * /xxx/..;foo=bar/
+    /* Fourth pass.
+     * Remove /xx/../ segments
      * Trailing segments will be removed but leading /../ segments are an error
      * condition.
      */
     for (l = 1, w = 1; path[l] != '\0';) {
         if (path[l] == '.' && path[l + 1] == '.' &&
-                (path[l + 2] == '/' || path[l + 2] == ';' || path[l + 2] == 
'\0') &&
+                (path[l + 2] == '/' || path[l + 2] == '\0') &&
                 (l == 0 || path[l - 1] == '/')) {
 
             // Wind w back to remove the previous segment
@@ -2252,10 +2262,7 @@ int jk_servlet_normalize(char *path, jk_
             // Move l forward to the next segment
             l += 2;
 
-            while (path[l] != '/' && path [l] != '\0') {
-                l++;
-            }
-            if (path[l] != '\0') {
+            if (path[l] == '/') {
                 l++;
             }
         }


