Author: mturk Date: Thu Mar 15 03:17:06 2007 New Revision: 518560 URL: http://svn.apache.org/viewvc?view=rev&rev=518560 Log: Check if the web-inf is under the mapped context. If not we don't care for security, cause it is not for Tomcat. Also bring back HSE_REQ_SEND_RESPONSE_HEADER instead HSE_REQ_SEND_RESPONSE_HEADER_EX.
Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Modified: tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c?view=diff&rev=518560&r1=518559&r2=518560 ============================================================================== --- tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c (original) +++ tomcat/connectors/trunk/jk/native/iis/jk_isapi_plugin.c Thu Mar 15 03:17:06 2007 @@ -534,8 +534,8 @@ int rv = JK_TRUE; isapi_private_data_t *p = s->ws_private; if (!p->request_started) { - HSE_SEND_HEADER_EX_INFO hi; char *status_str; + DWORD status_str_len; char *headers_str = NULL; BOOL keep_alive = FALSE; p->request_started = JK_TRUE; @@ -548,14 +548,13 @@ } status_str = (char *)malloc((6 + strlen(reason))); StringCbPrintf(status_str, 6 + strlen(reason), "%d %s", status, reason); - hi.pszStatus = status_str; - hi.cchStatus = (DWORD)strlen(status_str); + status_str_len = (DWORD)strlen(status_str); /* * Create response headers string */ if (num_of_headers) { - size_t i, len_of_headers; + size_t i, len_of_headers = 0; for (i = 0, len_of_headers = 0; i < num_of_headers; i++) { len_of_headers += strlen(header_names[i]); len_of_headers += strlen(header_values[i]); @@ -573,20 +572,20 @@ StringCbCat(headers_str, len_of_headers, crlf); } StringCbCat(headers_str, len_of_headers, crlf); - hi.pszHeader = headers_str; - hi.cchHeader = (DWORD)strlen(headers_str); } else { - hi.pszHeader = crlf; - hi.cchHeader = 2; + headers_str = crlf; } - hi.fKeepConn = keep_alive; + if (!p->lpEcb->ServerSupportFunction(p->lpEcb->ConnID, - HSE_REQ_SEND_RESPONSE_HEADER_EX, - &hi, - NULL, NULL)) { + HSE_REQ_SEND_RESPONSE_HEADER, + status_str, + &status_str_len, + (LPDWORD)headers_str)) { + jk_log(logger, JK_LOG_ERROR, - "HSE_REQ_SEND_RESPONSE_HEADER_EX failed"); + "HSE_REQ_SEND_RESPONSE_HEADER failed with error=%08x", + GetLastError()); rv = JK_FALSE; } if (headers_str) 
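Review bot: In the `@@ -548,14` hunk, the new `status_str_len = (DWORD)strlen(status_str);` reads `status_str` although the `malloc` result two lines above is never checked, so an allocation failure becomes a NULL dereference inside the IIS process. A guard directly after the allocation would avoid that, for example `if (!status_str) { jk_log(logger, JK_LOG_ERROR, "malloc failed"); return JK_FALSE; }`. The exact return path is a guess, because the function starts and ends outside the hunk. As a style point, `size_t i, len_of_headers = 0;` duplicates the `len_of_headers = 0` already in the `for` initialiser on the next line, so one of the two can go.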
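Review bot: In the `@@ -573,20` hunk, the else branch now sets `headers_str = crlf;`, so the context line `if (headers_str)` at the end of the hunk becomes true for a response with no headers. Its body lies outside the hunk, but if it frees `headers_str` (the other branch presumably heap-allocates it between the hunks), `free()` would receive a pointer that did not come from `malloc`. Leaving `headers_str` NULL in the else branch and passing `(LPDWORD)(headers_str ? headers_str : crlf)` as the last argument keeps the cleanup correct. Separately, `keep_alive` is no longer passed to IIS now that `hi.fKeepConn` is gone; if nothing else in the function reads it, the variable is dead and the change in connection handling deserves a comment.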
@@ -887,23 +886,24 @@ * Check if somebody is feading us with his own TOMCAT data headers. * We reject such postings ! */ - if (JK_IS_DEBUG_LEVEL(logger)) - jk_log(logger, JK_LOG_DEBUG, - "check if [%s] is points to the web-inf directory", - uri); + if (worker) { + char *forwardURI; - if (uri_is_web_inf(uri)) { - jk_log(logger, JK_LOG_EMERG, - "[%s] points to the web-inf or meta-inf directory.\nSomebody try to hack into the site!!!", - uri); + if (JK_IS_DEBUG_LEVEL(logger)) + jk_log(logger, JK_LOG_DEBUG, + "check if [%s] is points to the web-inf directory", + uri); - write_error_response(pfc, "404 Not Found", - HTML_ERROR_404); - return SF_STATUS_REQ_FINISHED; - } + if (uri_is_web_inf(uri)) { + jk_log(logger, JK_LOG_EMERG, + "[%s] points to the web-inf or meta-inf directory. " + "Somebody try to hack into the site!!!", + uri); - if (worker) { - char *forwardURI; + write_error_response(pfc, "404 Not Found", + HTML_ERROR_404); + return SF_STATUS_REQ_FINISHED; + } /* This is a servlet, should redirect ... */ if (JK_IS_DEBUG_LEVEL(logger)) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
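Review bot: Moving the `uri_is_web_inf(uri)` check inside `if (worker) {` means a WEB-INF or META-INF request that does not map to a worker is no longer rejected by the filter and goes to IIS unchanged. That is safe only if IIS never serves the webapp directory itself; where a virtual directory points at the webapp root for static content, files such as `web.xml` would then depend entirely on IIS configuration. A comment at the top of the block would make this explicit, for example `/* WEB-INF/META-INF is only blocked for URIs mapped to a worker; unmapped paths must be denied in IIS */`. The check also tests `uri`, while the request is later forwarded through `forwardURI`, which is assigned outside the hunk, so it is worth confirming that both see the same normalised path. The `if (worker)` block continues past the end of the hunk.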