Return-Path: 
 <dev-return-81629-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: (qmail 201 invoked from network); 4 Jun 2007 12:09:00 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 4 Jun 2007 12:09:00 -0000
Received: (qmail 90241 invoked by uid 500); 4 Jun 2007 12:08:59 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 90186 invoked by uid 500); 4 Jun 2007 12:08:58 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 90175 invoked by uid 500); 4 Jun 2007 12:08:58 -0000
Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org
Received: (qmail 90172 invoked by uid 99); 4 Jun 2007 12:08:58 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Jun 2007 05:08:58 -0700
X-ASF-Spam-Status: No, hits=-99.5 required=10.0
	tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Jun 2007 05:08:54 -0700
Received: by eris.apache.org (Postfix, from userid 65534)
	id 0430D1A981D; Mon,  4 Jun 2007 05:08:34 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r544137 -
 /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
Date: Mon, 04 Jun 2007 12:08:33 -0000
To: tomcat-dev@jakarta.apache.org
From: mturk@apache.org
X-Mailer: svnmailer-1.1.0
Message-Id: <20070604120834.0430D1A981D@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: mturk
Date: Mon Jun  4 05:08:33 2007
New Revision: 544137

URL: http://svn.apache.org/viewvc?view=rev&rev=544137
Log:
Add simple URI normalizer that can deal with things like %252e%252e. This is mostly copy/paste from the IIS module

Modified:
    tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c

Modified: tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c?view=diff&rev=544137&r1=544136&r2=544137
==============================================================================
--- tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c Mon Jun  4 05:08:33 2007
@@ -36,6 +36,8 @@
 #define JK_STRCMP   strcmp
 #define JK_STRNCMP  strncmp
 #endif
+#define BAD_REQUEST     -1
+#define BAD_PATH        -2
 
 
 static const char *uri_worker_map_source_type[] = {
@@ -47,6 +49,116 @@
     NULL
 };
 
+#define JK_ISXDIGIT(x) isxdigit((int)(unsigned char)((x)))
+
+static char x2c(const char *what)
+{
+    register char digit;
+
+    digit = ((what[0] >= 'A') ?
+             ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0'));
+    digit *= 16;
+    digit += ((what[1] >= 'A') ?
+              ((what[1] & 0xdf) - 'A') + 10 : (what[1] - '0'));
+    return (digit);
+}
+
+static int unescape_url(char *url)
+{
+    register int x, y, badesc, badpath;
+
+    badesc = 0;
+    badpath = 0;
+    for (x = 0, y = 0; url[y]; ++x, ++y) {
+        if (url[y] != '%')
+            url[x] = url[y];
+        else {
+            if (!JK_ISXDIGIT(url[y + 1]) || !JK_ISXDIGIT(url[y + 2])) {
+                badesc = 1;
+                url[x] = '%';
+            }
+            else {
+                url[x] = x2c(&url[y + 1]);
+                y += 2;
+                if (url[x] == '/' || url[x] == '\0')
+                    badpath = 1;
+            }
+        }
+    }
+    url[x] = '\0';
+    if (badesc)
+        return BAD_REQUEST;
+    else if (badpath)
+        return BAD_PATH;
+    else
+        return 0;
+}
+
+static void normalize_url(char *name)
+{
+    int l, w;
+
+    /* Four paseses, as per RFC 1808 */
+    /* 1. remove ./ path segments */
+
+    for (l = 0, w = 0; name[l] != '\0';) {
+        if (name[l] == '.' && name[l + 1] == '/'
+            && (l == 0 || name[l - 1] == '/'))
+            l += 2;
+        else
+            name[w++] = name[l++];
+    }
+
+    /* 2. remove trailing . path, segment */
+    if (w == 1 && name[0] == '.')
+        w--;
+    else if (w > 1 && name[w - 1] == '.' && name[w - 2] == '/')
+        w--;
+    name[w] = '\0';
+
+    /* 3. remove all xx/../ segments. (including leading ../ and /../) */
+    l = 0;
+
+    while (name[l] != '\0') {
+        if (name[l] == '.' && name[l + 1] == '.' && name[l + 2] == '/' &&
+            (l == 0 || name[l - 1] == '/')) {
+            register int m = l + 3, n;
+
+            l = l - 2;
+            if (l >= 0) {
+                while (l >= 0 && name[l] != '/')
+                    l--;
+                l++;
+            }
+            else
+                l = 0;
+            n = l;
+            while ((name[n] = name[m]) != '\0') {
+                n++;
+                m++;
+            }
+        }
+        else
+            ++l;
+    }
+
+    /* 4. remove trailing xx/.. segment. */
+    if (l == 2 && name[0] == '.' && name[1] == '.')
+        name[0] = '\0';
+    else if (l > 2 && name[l - 1] == '.' && name[l - 2] == '.'
+             && name[l - 3] == '/') {
+        l = l - 4;
+        if (l >= 0) {
+            while (l >= 0 && name[l] != '/')
+                l--;
+            l++;
+        }
+        else
+            l = 0;
+        name[l] = '\0';
+    }
+}
+
 
 /* Return the string representation of the uwr source */
 const char *uri_worker_map_get_source(uri_worker_record_t *uwr, jk_logger_t *l)
@@ -535,6 +647,7 @@
                               const char *uri, jk_logger_t *l)
 {
     unsigned int i;
+    int rc;
     const char *rv = NULL;
     char  url[JK_MAX_URI_LEN+1];
 
@@ -578,6 +691,22 @@
             url[i] = uri[i];
     }
     url[i] = '\0';
+    if (JK_IS_DEBUG_LEVEL(l))
+        jk_log(l, JK_LOG_DEBUG, "Attempting to map original URI '%s' from %d maps",
+               url, uw_map->size);
+    rc = unescape_url(url);
+    if (rc == BAD_REQUEST) {
+        jk_log(l, JK_LOG_INFO, "Invalid request while unescaping original URI '%s'", url);
+        return NULL;
+    }
+    else if (rc == BAD_PATH) {
+        jk_log(l, JK_LOG_INFO, "Invalid path while unescaping URI '%s'", url);
+        return NULL;
+    }
+    normalize_url(url);
+    if (JK_IS_DEBUG_LEVEL(l))
+        jk_log(l, JK_LOG_DEBUG, "Attempting to map normalized URI '%s' from %d maps",
+               url, uw_map->size);
 
     if (JK_IS_DEBUG_LEVEL(l)) {
         char *url_rewrite = strstr(uri, JK_PATH_SESSION_IDENTIFIER);
@@ -585,10 +714,6 @@
             jk_log(l, JK_LOG_DEBUG, "separating session identifier '%s' from url '%s'",
                    url_rewrite, uri);
     }
-    if (JK_IS_DEBUG_LEVEL(l))
-        jk_log(l, JK_LOG_DEBUG, "Attempting to map URI '%s' from %d maps",
-               url, uw_map->size);
-
     for (i = 0; i < uw_map->size; i++) {
         uri_worker_record_t *uwr = uw_map->maps[i];
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org