Author: markt
Date: Tue Aug 21 14:39:03 2018
New Revision: 1838553
URL: http://svn.apache.org/viewvc?rev=1838553&view=rev
Log:
ISAPI: Remove the check that rejects requests that contain path segments that
match WEB-INF or META-INF as it duplicates a check that Tomcat performs and,
because ISAPI does not have visibility of the current context path, it is
impossible to implement this check without valid requests being rejected
Modified:
tomcat/jk/trunk/native/iis/jk_isapi_plugin.c
tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/jk/trunk/native/iis/jk_isapi_plugin.c
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/iis/jk_isapi_plugin.c?rev=1838553&r1=1838552&r2=1838553&view=diff
==============================================================================
--- tomcat/jk/trunk/native/iis/jk_isapi_plugin.c (original)
+++ tomcat/jk/trunk/native/iis/jk_isapi_plugin.c Tue Aug 21 14:39:03 2018
@@ -874,36 +874,6 @@ static char *stristr(const char *s, cons
return ((char *)s);
}
-/*
- * Find the first occurrence of path in uri tokenized by "/".
- * The comparison is done case insensitive.
- */
-static const char *find_path_in_uri(const char *uri, const char *path)
-{
- size_t len = strlen(path);
- while (uri = strchr(uri, '/')) {
- uri++;
- if (!strnicmp(uri, path, len) &&
- (*(uri + len) == '/' ||
- strlen(uri) == len)) {
- return uri;
- }
- }
- return NULL;
-}
-
-static int uri_is_web_inf(const char *uri)
-{
- if (find_path_in_uri(uri, "web-inf")) {
- return JK_TRUE;
- }
- if (find_path_in_uri(uri, "meta-inf")) {
- return JK_TRUE;
- }
-
- return JK_FALSE;
-}
-
static void write_error_response(PHTTP_FILTER_CONTEXT pfc, int err)
{
char status[1024];
@@ -1930,22 +1900,6 @@ static DWORD handle_notify_event(PHTTP_F
isapi_log_data_t *ld;
BOOL rs;
- if (JK_IS_DEBUG_LEVEL(logger))
- jk_log(logger, JK_LOG_DEBUG,
- "check if [%s] points to the web-inf directory",
- uri);
-
- if (uri_is_web_inf(uri)) {
- jk_log(logger, JK_LOG_EMERG,
- "[%s] points to the web-inf or meta-inf directory. "
- "Somebody tries to hack into the site!!!",
- uri);
-
- write_error_response(pfc, 404);
- rv = SF_STATUS_REQ_FINISHED;
- goto cleanup;
- }
-
/* This is a servlet, should redirect ... */
if (JK_IS_DEBUG_LEVEL(logger))
jk_log(logger, JK_LOG_DEBUG,
Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1838553&r1=1838552&r2=1838553&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Tue Aug 21 14:39:03 2018
@@ -49,6 +49,13 @@
since there has not been a supported version of Netware available for
over five years. (markt)
</update>
+ <fix>
+ <bug>60745</bug>: ISAPI: Remove the check that rejects requests that
+ contain path segments that match WEB-INF or META-INF as it duplicates
+ a check that Tomcat performs and, because ISAPI does not have visibility
+ of the current context path, it is impossible to implement this check
+ without valid requests being rejected. (markt)
+ </fix>
</changelog>
</subsection>
</section>