mturk 2004/12/14 11:19:04
Modified: jk/native/iis jk_isapi_plugin.c
Log:
Fix bug #32696 caused by changing url to lowercase.
Also move the web-inf check to an earlier stage.
Revision Changes Path
1.31 +30 -26 jakarta-tomcat-connectors/jk/native/iis/jk_isapi_plugin.c
Index: jk_isapi_plugin.c
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jk/native/iis/jk_isapi_plugin.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- jk_isapi_plugin.c 30 Nov 2004 08:39:44 -0000 1.30
+++ jk_isapi_plugin.c 14 Dec 2004 19:19:04 -0000 1.31
@@ -343,17 +343,22 @@
return JK_TRUE;
}
-static int uri_is_web_inf(char *uri)
+static int uri_is_web_inf(const char *uri)
{
- char *c = uri;
- while (*c) {
- *c = JK_TOLOWER(*c);
- c++;
+ char b[INTERNET_MAX_URL_LENGTH + 1];
+ int i = 0;
+
+ while (*uri) {
+ b[i++] = JK_TOLOWER(*uri);
+ uri++;
+ if (i > (INTERNET_MAX_URL_LENGTH - 1))
+ break;
}
- if (strstr(uri, "web-inf")) {
+ b[i] = '\0';
+ if (strstr(b, "web-inf")) {
return JK_TRUE;
}
- if (strstr(uri, "meta-inf")) {
+ if (strstr(b, "meta-inf")) {
return JK_TRUE;
}
@@ -731,6 +736,23 @@
uri);
worker = map_uri_to_worker(uw_map, uri, logger);
}
+ /*
+ * Check if somebody is feading us with his own TOMCAT data
headers.
+ * We reject such postings !
+ */
+ jk_log(logger, JK_LOG_DEBUG,
+ "check if [%s] is points to the web-inf directory\n",
+ uri);
+
+ if (uri_is_web_inf(uri)) {
+ jk_log(logger, JK_LOG_EMERG,
+ "[%s] points to the web-inf or meta-inf
directory.\nSomebody try to hack into the site!!!\n",
+ uri);
+
+ write_error_response(pfc, "403 Forbidden",
+ "<HTML><BODY><H1>Access is
Forbidden</H1></BODY></HTML>");
+ return SF_STATUS_REQ_FINISHED;
+ }
if (worker) {
char *forwardURI;
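Review bot: The comment above the moved check describes a client supplying its own Tomcat data headers, but the code under it tests the URI for web-inf/meta-inf; it should state what is checked, e.g. `/* Reject any URI that refers to web-inf or meta-inf (case-insensitive). */`. The check uses `uri` as it stands at this point, and the hunk does not show whether it has already been unescaped and normalised; that is worth confirming now that the check runs earlier, because `uri_is_web_inf` matches literal substrings only. The request URI is also written at JK_LOG_EMERG, so any client can generate emergency-level entries containing text it controls; a lower level and a sanitised or length-limited URI would keep the detection signal without the noise. The enclosing function starts and ends outside the hunk.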
@@ -800,24 +822,6 @@
else {
jk_log(logger, JK_LOG_DEBUG,
"[%s] is not a servlet url\n", uri);
- }
-
- /*
- * Check if somebody is feading us with his own TOMCAT data
headers.
- * We reject such postings !
- */
- jk_log(logger, JK_LOG_DEBUG,
- "check if [%s] is points to the web-inf directory\n",
- uri);
-
- if (uri_is_web_inf(uri)) {
- jk_log(logger, JK_LOG_EMERG,
- "[%s] points to the web-inf or meta-inf
directory.\nSomebody try to hack into the site!!!\n",
- uri);
-
- write_error_response(pfc, "403 Forbidden",
- "<HTML><BODY><H1>Access is
Forbidden</H1></BODY></HTML>");
- return SF_STATUS_REQ_FINISHED;
}
}
}