cvs commit: jakarta-tomcat-connectors/jk/native/common jk_uri_worker_map.c

Thu, 27 Sep 2001 03:14:47 -0700 

hgomez      01/09/27 03:42:26

  Modified:    jk/native/common jk_uri_worker_map.c
  Log:
  BackPort security fix from TC 3.3 to J-T-C
  
  Revision  Changes    Path
  1.8       +5 -3      jakarta-tomcat-connectors/jk/native/common/jk_uri_worker_map.c
  
  Index: jk_uri_worker_map.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_uri_worker_map.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- jk_uri_worker_map.c       2001/08/06 17:31:45     1.7
  +++ jk_uri_worker_map.c       2001/09/27 10:42:26     1.8
  @@ -67,7 +67,7 @@
    * servlet container.                                                      *
    *                                                                         *
    * Author:      Gal Shachor <[EMAIL PROTECTED]>                           *
  - * Version:     $Revision: 1.7 $                                           *
  + * Version:     $Revision: 1.8 $                                           *
    ***************************************************************************/
   
   #include "jk_pool.h"
  @@ -413,11 +413,11 @@
           unsigned i;
           unsigned best_match = -1;
           unsigned longest_match = 0;
  -        char clean_uri[4096];
  +        char clean_uri = NULL;
           char *url_rewrite = strstr(uri, JK_PATH_SESSION_IDENTIFIER);
           
           if(url_rewrite) {
  -            strcpy(clean_uri, uri);
  +            clean_uri = strdup(uri);
               url_rewrite = strstr(clean_uri, JK_PATH_SESSION_IDENTIFIER);
               *url_rewrite = '\0';
               uri = clean_uri;
  @@ -485,6 +485,7 @@
           }
   
           if(-1 != best_match) {
  +            free(clean_uri);
               return uw_map->maps[best_match]->worker_name;
           } else {
               /*
  @@ -501,6 +502,7 @@
                   jk_log(l, JK_LOG_EMERG, 
                          "In jk_uri_worker_map_t::map_uri_to_worker, found a security 
fraud in '%s'\n",
                          uri);    
  +                free(clean_uri);
                   return uw_map->maps[fraud]->worker_name;
               }
          }

Reply via email to