from:"Justin Kennedy"

Re: modify request_rec->args

2016-03-25 Thread Justin Kennedy

I was able to get it to work, by modifying r->args directly. Not sure why
changing the pointer didn't work, but maybe there was a flaw in my testing.
Thanks for the help.

On 25 March 2016 at 11:24, Eric Covener <cove...@gmail.com> wrote:

> On Fri, Mar 25, 2016 at 10:22 AM, Justin Kennedy
> <jus...@justinkennedy.ca> wrote:
> > The plan is for the module to do other things, this is just the first
> step.
> > Any suggestions? Thank you.
>
>
> It should work. Who sees the unchanged query string? I think it exists
> in apr_uri_t form somewhere too.
>
> --
> Eric Covener
> cove...@gmail.com
>

Re: modify request_rec->args

2016-03-25 Thread Justin Kennedy

Hi Sorin,

The plan is for the module to do other things, this is just the first step.
Any suggestions? Thank you.

On 25 March 2016 at 05:30, Sorin Manolache <sor...@gmail.com> wrote:

> On 2016-03-25 00:59, Justin Kennedy wrote:
>
>> Hello,
>>
>> I have a simple module, with just a quick_hander, it's sole function is to
>> check if there is a specific key=value on the query string, and modify the
>> value, so it gets picked up by a separate module.
>>
>> For example: if "foo=1" is in r->args, then replace it with "foo=0",
>> decline the request so it gets picked up by the other module.
>>
>> In my first attempt, I created a new string and assigned the pointer to
>> r->args, but it doesn't seem to "stick" when it gets to the second module.
>> Do I have to modify r->args directly, without changing the pointer? It's
>> been awhile since I've worked with C strings.
>>
>>
> You don't need a module to do that. You can use some mod_rewrite
> directives that you place inside your  or :
>
> RewriteEngine On
>
> RewriteCond %{QUERY_STRING} ^(|.*&)foo=([^&]*)(&.*|$)
> RewriteRule (.*) $1?%1foo=new_value%3
>
> --
> Sorin
>
>


-- 
Justin Kennedy
Software Developer
506 645 1195
888 406 0624

modify request_rec->args

2016-03-24 Thread Justin Kennedy

Hello,

I have a simple module, with just a quick_hander, it's sole function is to
check if there is a specific key=value on the query string, and modify the
value, so it gets picked up by a separate module.

For example: if "foo=1" is in r->args, then replace it with "foo=0",
decline the request so it gets picked up by the other module.

In my first attempt, I created a new string and assigned the pointer to
r->args, but it doesn't seem to "stick" when it gets to the second module.
Do I have to modify r->args directly, without changing the pointer? It's
been awhile since I've worked with C strings.

Thank you,

-Justin

"hello world" module crashes 2.4 on CentOS 6.7

2016-03-10 Thread Justin Kennedy

Good day,

I have a pretty simple module that is crashing my server as soon as I
dereference a pointer that comes from the request_rec pool.

This is on CentOS 6.7, with Apache 2.4 compiled. It's a fresh VM on AWS.
The module was compiled with apxs. The code is listed below. The output I
get in the log files is:

[Date...] [:error] [client ] [pid ...] ***--- not nulll

[Date...] [core:notice] [pid ...] AH00052: child pid 1365 exit signal
Segmentation fault (11)

 CODE 
#include 

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define EXAMPLE_NAME "mod_example"

static int example_handler(request_rec *r)
{
  const char *url;

  url = apr_psprintf(r->pool, "%s", "test");

  if(url == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- null");
  } else {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- not nulll");
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- url is: %s", url);
  }
  ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "***--- done ");

  return DECLINED;
}

static void example_register_hooks(apr_pool_t *pool)
{
ap_hook_handler(example_handler, NULL, NULL, APR_HOOK_LAST);
}

module AP_MODULE_DECLARE_DATA example_module = {
STANDARD20_MODULE_STUFF,
NULL,
NULL,
NULL,
NULL,
NULL,
example_register_hooks
};

Any help is appreciated.

-Justin

server directives are lost when activating module in vhost

2015-10-21 Thread Justin Kennedy

Greetings,

I have these two directives specified in the root httpd.conf:
ServerTokens Prod
ServerSignature Off

Those directives are being honored and all is well, until I activate my
module within a virtual host. Once that happens, these directives are
ignored.

Is it possible for my module to be interfering with the other directives
outside of my module configuration? If so, I'm thinking this could this be
happening in my merge configuration hook, even though I only deal with
directives related to my module.

Any ideas?

For debugging, it would be helpful if I could output the value of this
directive in the various methods of my module. How can I access the value
of this directive from within my module?

Thank you,

-- 
Justin

Re: Preventing Path Traversal Attack

2014-12-08 Thread Justin Kennedy

HI Yann,

The variable r is the request_rec that is passed into the module's
handler hook. Based on my testing, r-unparsed_uri does indeed have a space
(it's not encoded to %20).

I need to compare against an unparsed URI because r-uri is vulnerable to a
path traversal attack. For instance, this:
http://abc.me/unprotected_path/../protected_path
becomes:
http://abc.me/protected_path

Maybe I'm going about it the wrong way, so I'm hoping for some guidance
from more experienced developers.

Thank you,

On Thu, Dec 4, 2014 at 6:33 PM, Yann Ylavic ylavic@gmail.com wrote:

 Hello,

 On Thu, Dec 4, 2014 at 4:20 PM, Justin Kennedy
 jkenn...@pingidentity.com wrote:
  Here is the code in question:
 
  /* ensure r-uri and r-unparsed_uri are similar to prevent path
 traversal
  attacks */
 
unparsed_uri = apr_pstrdup(r-pool, r-unparsed_uri);
 
  /* get the unparsed base uri (everything up to '?') */
unparsed_uri_base = apr_strtok(unparsed_uri, ?, buf);
 
buf = strstr(r-uri, unparsed_uri_base);
 
  /*** ISSUE: If there is a space in the URL then r-uri will have the
  encoded space as %20 and r-unparsed_uri will not */

 There can't be a space in the HTTP URL received by httpd, the space
 must %20-escaped (urlencoded) by the client to form a valid HTTP
 request line.
 Hence both r-unparsed_uri and r-uri should have the %20 (see
 read_request_line() and ap_parse_uri()), unlike r-parsed_uri.path
 which is later ap_unescape()d in ap_process_request_internal(), where
 r-uri is also sanitized against all forms dot-slashes.

 
/* compare unparsed base with parsed uri */
if(buf == NULL || strlen(r-uri) != strlen(buf)) {

 Where does this r-uri come from?

  error(
cfg,
Malformed URI
  );
  return HTTP_INTERNAL_SERVER_ERROR;
}

 Regards,
 Yann.




-- 
   [image: Ping Identity logo] https://www.pingidentity.com/
Justin Kennedy
Sr. Development Engineer
  @ jkenn...@pingidentity.com  [image: phone] +1 604.697.7055  Connect with
us…  [image: twitter logo] https://twitter.com/pingidentity [image:
youtube logo] https://www.youtube.com/user/PingIdentityTV [image:
LinkedIn logo] https://www.linkedin.com/company/21870 [image: Facebook
logo] https://www.facebook.com/pingidentitypage [image: Google+ logo]
https://plus.google.com/u/0/114266977739397708540 [image: slideshare logo]
http://www.slideshare.net/PingIdentity [image: flipboard logo]
http://flip.it/vjBF7 [image: rss feed icon]
https://www.pingidentity.com/blogs/

Preventing Path Traversal Attack

2014-12-04 Thread Justin Kennedy

Good day,

In my handler hook I've implemented some code in an attempt to prevent this
attack. Unfortunately it doesn't take into account that there might be
spaces in the URL. Has anyone already overcome this or can provide a proper
solution?

Here is the code in question:

/* ensure r-uri and r-unparsed_uri are similar to prevent path traversal
attacks */

  unparsed_uri = apr_pstrdup(r-pool, r-unparsed_uri);

/* get the unparsed base uri (everything up to '?') */
  unparsed_uri_base = apr_strtok(unparsed_uri, ?, buf);

  buf = strstr(r-uri, unparsed_uri_base);

/*** ISSUE: If there is a space in the URL then r-uri will have the
encoded space as %20 and r-unparsed_uri will not */

  /* compare unparsed base with parsed uri */
  if(buf == NULL || strlen(r-uri) != strlen(buf)) {
error(
  cfg,
  Malformed URI
);
return HTTP_INTERNAL_SERVER_ERROR;
  }

-- 
   [image: Ping Identity logo] https://www.pingidentity.com/
Justin Kennedy
Sr. Development Engineer
  @ jkenn...@pingidentity.com  [image: phone] +1 604.697.7055  Connect with
us…  [image: twitter logo] https://twitter.com/pingidentity [image:
youtube logo] https://www.youtube.com/user/PingIdentityTV [image:
LinkedIn logo] https://www.linkedin.com/company/21870 [image: Facebook
logo] https://www.facebook.com/pingidentitypage [image: Google+ logo]
https://plus.google.com/u/0/114266977739397708540 [image: slideshare logo]
http://www.slideshare.net/PingIdentity [image: flipboard logo]
http://flip.it/vjBF7 [image: rss feed icon]
https://www.pingidentity.com/blogs/

Re: modify request_rec->args

Re: modify request_rec->args

modify request_rec->args

"hello world" module crashes 2.4 on CentOS 6.7

server directives are lost when activating module in vhost

Re: Preventing Path Traversal Attack

Preventing Path Traversal Attack

7 matches

Site Navigation

Mail list logo

Footer information