antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 7 Projects Releases 5 Activity Actions

Changed order of reading request properties. Previously, HTTP parameters

Browse source 
where set after HTTP variables/headers, which caused a security problem
with HTTP variables being overridable by parameters. (bug #77)
This commit is contained in:
hns 2002-04-23 16:07:51 +00:00
parent 8ddc2b2e4f
commit c7071ce55d
2 changed files with 102 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

94
src/helma/servlet/AbstractServletClient.java
View file

@ -87,52 +87,8 @@ public abstract class AbstractServletClient extends HttpServlet {
try { try {
if (cookies != null) { // read and set http parameters
for (int i=0; i < cookies.length;i++) try { // get Cookies
String nextKey = cookies[i].getName ();
String nextPart = cookies[i].getValue ();
if ("HopSession".equals (nextKey))
reqtrans.session = nextPart;
else
reqtrans.set (nextKey, nextPart);
} catch (Exception badCookie) {}
}
// check if we need to create a session id
if (reqtrans.session == null) {
reqtrans.session = Long.toString (Math.round (Math.random ()*Long.MAX_VALUE), 16);
reqtrans.session += "@"+Long.toString (System.currentTimeMillis (), 16);
Cookie c = new Cookie("HopSession", reqtrans.session);
c.setPath ("/");
if (cookieDomain != null)
c.setDomain (cookieDomain);
response.addCookie(c);
}
String host = request.getHeader ("Host");
if (host != null) {
host = host.toLowerCase();
reqtrans.set ("http_host", host);
}
String referer = request.getHeader ("Referer");
if (referer != null)
reqtrans.set ("http_referer", referer);
String remotehost = request.getRemoteAddr ();
if (remotehost != null)
reqtrans.set ("http_remotehost", remotehost);
String browser = request.getHeader ("User-Agent");
if (browser != null)
reqtrans.set ("http_browser", browser);
String authorization = request.getHeader("authorization");
if ( authorization != null )
reqtrans.set ("authorization", authorization );
for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) { for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
// Params parsen
String nextKey = (String)e.nextElement(); String nextKey = (String)e.nextElement();
String[] paramValues = request.getParameterValues(nextKey); String[] paramValues = request.getParameterValues(nextKey);
if (paramValues != null) { if (paramValues != null) {
@ -142,6 +98,7 @@ public abstract class AbstractServletClient extends HttpServlet {
} }
} }
// check for MIME file uploads
String contentType = request.getContentType(); String contentType = request.getContentType();
if (contentType != null && contentType.indexOf("multipart/form-data")==0) { if (contentType != null && contentType.indexOf("multipart/form-data")==0) {
// File Upload // File Upload
@ -163,6 +120,53 @@ public abstract class AbstractServletClient extends HttpServlet {
} }
} }
// read cookies
if (cookies != null) {
for (int i=0; i < cookies.length;i++) try {
// get Cookies
String nextKey = cookies[i].getName ();
String nextPart = cookies[i].getValue ();
if ("HopSession".equals (nextKey))
reqtrans.session = nextPart;
else
reqtrans.set (nextKey, nextPart);
} catch (Exception badCookie) {}
}
// check if we need to create a session id
if (reqtrans.session == null) {
reqtrans.session = Long.toString (Math.round (Math.random ()*Long.MAX_VALUE), 16);
reqtrans.session += "@"+Long.toString (System.currentTimeMillis (), 16);
Cookie c = new Cookie("HopSession", reqtrans.session);
c.setPath ("/");
if (cookieDomain != null)
c.setDomain (cookieDomain);
response.addCookie(c);
}
// do standard HTTP variables
String host = request.getHeader ("Host");
if (host != null) {
host = host.toLowerCase();
reqtrans.set ("http_host", host);
}
String referer = request.getHeader ("Referer");
if (referer != null)
reqtrans.set ("http_referer", referer);
String remotehost = request.getRemoteAddr ();
if (remotehost != null)
reqtrans.set ("http_remotehost", remotehost);
String browser = request.getHeader ("User-Agent");
if (browser != null)
reqtrans.set ("http_browser", browser);
String authorization = request.getHeader("authorization");
if ( authorization != null )
reqtrans.set ("authorization", authorization );
// get RMI ref to application and execute request // get RMI ref to application and execute request
IRemoteApp app = getApp (appID); IRemoteApp app = getApp (appID);
ResponseTrans restrans = null; ResponseTrans restrans = null;

88
src/helma/servlet/AcmeServletClient.java
View file

@ -56,47 +56,7 @@ public class AcmeServletClient extends HttpServlet {
try { try {
RequestTrans reqtrans = new RequestTrans (method); RequestTrans reqtrans = new RequestTrans (method);
// HACK - sessions not fully supported in Acme.Serve // read and set http parameters
// Thats ok, we dont need the session object, just the id.
reqtrans.session = request.getRequestedSessionId();
if (cookies != null) {
for (int i=0; i < cookies.length;i++) try { // get Cookies
String nextKey = cookies[i].getName ();
String nextPart = cookies[i].getValue ();
reqtrans.set (nextKey, nextPart);
} catch (Exception badCookie) {}
}
// get optional path info
String pathInfo = request.getServletPath ();
if (pathInfo != null) {
if (pathInfo.indexOf (app.getName()) == 1)
pathInfo = pathInfo.substring (app.getName().length()+1);
reqtrans.path = trim (pathInfo);
} else
reqtrans.path = "";
String host = request.getHeader ("Host");
if (host != null) {
host = host.toLowerCase();
reqtrans.set ("http_host", host);
}
String referer = request.getHeader ("Referer");
if (referer != null)
reqtrans.set ("http_referer", referer);
String remotehost = request.getRemoteAddr ();
if (remotehost != null)
reqtrans.set ("http_remotehost", remotehost);
String browser = request.getHeader ("User-Agent");
if (browser != null)
reqtrans.set ("http_browser", browser);
String authorization = request.getHeader("authorization");
if ( authorization != null )
reqtrans.set ("authorization", authorization );
for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) { for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
// Params parsen // Params parsen
String nextKey = (String)e.nextElement(); String nextKey = (String)e.nextElement();
@ -108,6 +68,7 @@ public class AcmeServletClient extends HttpServlet {
} }
} }
// check for MIME file uploads
String contentType = request.getContentType(); String contentType = request.getContentType();
if (contentType != null && contentType.indexOf("multipart/form-data")==0) { if (contentType != null && contentType.indexOf("multipart/form-data")==0) {
// File Upload // File Upload
@ -129,6 +90,51 @@ public class AcmeServletClient extends HttpServlet {
} }
} }
// HACK - sessions not fully supported in Acme.Serve
// Thats ok, we dont need the session object, just the id.
reqtrans.session = request.getRequestedSessionId();
// get Cookies
if (cookies != null) {
for (int i=0; i < cookies.length;i++) try {
String nextKey = cookies[i].getName ();
String nextPart = cookies[i].getValue ();
reqtrans.set (nextKey, nextPart);
} catch (Exception badCookie) {}
}
// get optional path info
String pathInfo = request.getServletPath ();
if (pathInfo != null) {
if (pathInfo.indexOf (app.getName()) == 1)
pathInfo = pathInfo.substring (app.getName().length()+1);
reqtrans.path = trim (pathInfo);
} else
reqtrans.path = "";
// do standard HTTP variables
String host = request.getHeader ("Host");
if (host != null) {
host = host.toLowerCase();
reqtrans.set ("http_host", host);
}
String referer = request.getHeader ("Referer");
if (referer != null)
reqtrans.set ("http_referer", referer);
String remotehost = request.getRemoteAddr ();
if (remotehost != null)
reqtrans.set ("http_remotehost", remotehost);
String browser = request.getHeader ("User-Agent");
if (browser != null)
reqtrans.set ("http_browser", browser);
String authorization = request.getHeader("authorization");
if ( authorization != null )
reqtrans.set ("authorization", authorization );
ResponseTrans restrans = null; ResponseTrans restrans = null;
restrans = app.execute (reqtrans); restrans = app.execute (reqtrans);
writeResponse (response, restrans, cookies, protocol); writeResponse (response, restrans, cookies, protocol);