tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Palle Girgensohn <gir...@pingpong.net>
Subject Re: mod_jk && multiple slashes reveals jsp code
Date Wed, 25 Jun 2003 02:01:49 GMT
setup:

FreeBSD 4.8-RELEASE, apache 1.3.27 w/ mod-ssl 2.8.14, mod_jk 1.2.3 and 
1.2.4. Tomcat version is irrelevant since the request never leaves apache, 
but anyway, it is tomcat 3.3.1a.

JkMount /pp/system/*jsp

[Wed Jun 25 01:32:48 2003]  [jk_uri_worker_map.c (460)]: Into 
jk_uri_worker_map_t::map_uri_to_worker
[Wed Jun 25 01:32:48 2003]  [jk_uri_worker_map.c (477)]: Attempting to map 
URI '/pp/entrance/login.jsp'
[Wed Jun 25 01:32:48 2003]  [jk_uri_worker_map.c (558)]: 
jk_uri_worker_map_t::map_uri_to_worker, Found a suffix match tomcat -> *.jsp
[Wed Jun 25 01:33:14 2003]  [jk_uri_worker_map.c (460)]: Into 
jk_uri_worker_map_t::map_uri_to_worker
[Wed Jun 25 01:33:14 2003]  [jk_uri_worker_map.c (477)]: Attempting to map 
URI '//pp/entrance/login.jsp'
[Wed Jun 25 01:33:14 2003]  [jk_uri_worker_map.c (599)]: 
jk_uri_worker_map_t::map_uri_to_worker, done without a match

map_uri_to_worker just makes an exact match, in my case "//pp/system" 
against "/pp/system/", actually on line 485:

            if(0 == strncmp(uwr->context,
                            uri,
                            uwr->ctxt_len)) {

double slashes after /pp/system/ are OK, they will be sent on to tomcat, 
which has code to handle this.

I enclose a lazy patch that makes double slashes in any request to a jsp 
file, up to the length of the configured context, to be classed as a 
security fraud. This will make mod_jk handle this request to tomcat anyway. 
Note that in the example above, this means that tomcat will get any request 
to a jsp file where there is double slashes in the first 12 characters 
(12==strlen("/pp/system/");). Of course, tomcat will issue a 404 if it has 
no file to serve, but without this patch, apache would do the 404 in that 
case. AFAIK, this hardly matters, but confuse someone? Confusion is 
probably less than without the patch, though... ;-)

Cheers,
Palle

--On tisdag, juni 24, 2003 19.51.43 +0200 Yann C├ębron <yannc76@yahoo.de> 
wrote:

> Hello Palle,
>
> I can confirm this bug on Win2K using Apache 2.0.44 with TC4.1.24 and
> setting mod_jk to auto-config. What's your exact setup regarding mod_jk ?
>
> Greetings,
>
> 	Yann
>
>




Mime
View raw message