Author: rjung Date: Tue Dec 23 22:11:05 2014 New Revision: 1647684 URL: http://svn.apache.org/r1647684 Log: PR 54596 part 2: IIS: Fix using relative file names in config with ".." path segments that go up the directory hierarchy higher than the starting point of the relative file name.
This needs more testing. I have only tested it using themerge code on Unix, because I still need to recreate a compilation environment for the ISAPI redirector on Windows. Modified: tomcat/jk/trunk/native/iis/jk_isapi_plugin.c tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Modified: tomcat/jk/trunk/native/iis/jk_isapi_plugin.c URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/native/iis/jk_isapi_plugin.c?rev=1647684&r1=1647683&r2=1647684&view=diff ============================================================================== --- tomcat/jk/trunk/native/iis/jk_isapi_plugin.c (original) +++ tomcat/jk/trunk/native/iis/jk_isapi_plugin.c Tue Dec 23 22:11:05 2014 @@ -3710,11 +3710,9 @@ static __inline void BS2FSA(char *str) } \ } while(0) -static char *relative_path(char *path, size_t size) +static char *skip_prefix(char *path, char **sp, char **cp) { - char *sp; - char *cp; - int ch = '/'; + size_t size; /* Convert everything to foward slashes */ @@ -3744,7 +3742,7 @@ static char *relative_path(char *path, s return 0; } } - sp = path; + *sp = path; if (size > 1 && path[1] == ':' && IS_DRIVE_CHAR(path[0])) { /* Never go above C: */ path += 2; @@ -3756,15 +3754,27 @@ static char *relative_path(char *path, s /* This is probably //./pipe/ */ return path; } - cp = strchr(path + 2, '/'); - if (cp != 0) - path = cp; + *cp = strchr(path + 2, '/'); + if (*cp != 0) + path = *cp; else { /* We only have //share */ return path; } } + return path; +} + +static char *relative_path(char *path, int* remain) +{ + char *sp; + char *cp; + int ch = '/'; + + path = skip_prefix(path, &sp, &cp); + if (!path) + return 0; /* Remaining is the same as on unixes */ cp = path; while (*path) { @@ -3789,8 +3799,10 @@ static char *relative_path(char *path, s cp--; } } - else + else { + (*remain)++; break; + } nd--; } } 
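Review bot: `size` is now an uninitialised local in `skip_prefix` (`size_t size;`) where it used to be a parameter, and no assignment to it is visible in this hunk, yet the unchanged test `if (size > 1 && path[1] == ':' && IS_DRIVE_CHAR(path[0]))` in the next hunk still reads it. If the lines between the two hunks do not assign it, that read is undefined behaviour and the drive-letter prefix is handled unpredictably; setting `size = strlen(path);` after the slash conversion would close that. The body of `skip_prefix` continues outside this hunk, so this needs checking against the full function.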
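Review bot: `skip_prefix` has no comment describing its contract, and its out-parameters are easy to misuse: in the hunks shown `*cp` is assigned only in the `//share` branch (`*cp = strchr(path + 2, '/');`), so for other inputs the caller's pointer is left unset. `relative_path` overwrites `cp` straight away and `path_merge` never reads `spr` or `cpr`, so nothing visible depends on it today. I would add a header comment such as `/* Skips a drive or UNC prefix; returns 0 on failure. *cp is set only for UNC paths. */`, or drop the `cp` parameter. The new parameter is also written `int* remain` while the surrounding declarations bind the star to the name (`char *path`).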
@@ -3812,6 +3824,8 @@ static char *path_merge(const char *root char *rel; char *out = 0; size_t sz; + size_t rsz; + int remain = 0; if (root == NULL || path == NULL) { SetLastError(ERROR_INVALID_PARAMETER ); @@ -3823,8 +3837,30 @@ static char *path_merge(const char *root return 0; } sz = strlen(merge); + rsz = strlen(root); /* Normalize path */ - if ((rel = relative_path(merge, sz))) { + if ((rel = relative_path(merge, &remain))) { + if (remain > 0) { + char *skip = root + rsz - 1; + char *spr; + char *cpr; + char *start = skip_prefix(root, &spr, &cpr); + if (*skip == '/') + skip--; + while (remain > 0 && skip >= start) { + if (*skip == '/') { + remain--; + } + skip--; + } + if (remain > 0) { + return ""; + } + if (skip < start) { + skip = start; + } + *++skip = '\0'; + } /* one additkional byte for trailing '\0', * one additional byte for eventual path * separator between root and merge */ Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1647684&r1=1647683&r2=1647684&view=diff ============================================================================== --- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Tue Dec 23 22:11:05 2014 
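Review bot: The new `remain > 0` branch writes through `root`, which `path_merge` declares `const char *`: it is passed to `skip_prefix`, which takes a `char *` and by its own comment converts separators in place, and `*++skip = '\0';` then truncates the caller's string. Trimming a private copy of `root`, or computing a shortened length without storing the NUL, would keep the configured root intact for later calls. The branch also uses `start` unchecked although `skip_prefix` can return 0, and `root + rsz - 1` points before the buffer when `root` is empty, so a guard like `if (rsz == 0 || start == NULL) return 0;` belongs before `skip` is dereferenced. `return "";` hands back a string literal where the other exits shown return 0; if callers free the result or `merge` is heap-allocated (neither is visible here) that is an invalid free and a leak, so returning 0 after `SetLastError` would be safer. `path_merge` starts and ends outside this hunk.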
@@ -108,10 +108,15 @@ recovery attempt. (rjung) </fix> <fix> - <bug>54596</bug>: IIS: Fix missing last character when parsing + <bug>54596</bug> part 1: IIS: Fix missing last character when parsing relative file names with no ".." directory components from configuration. (rjung) </fix> + <fix> + <bug>54596</bug> part 2: IIS: Fix using relative file names in config + with ".." path segments that go up the directory hierarchy higher + than the starting point of the relative file name. (rjung) + </fix> </changelog> </subsection> </section>