
github.com/mono/mono.git - Unnamed repository; edit this file 'description' to name the repository.
authorWade Berrier <wade@mono-cvs.ximian.com>2007-10-18 01:37:31 +0400
committerWade Berrier <wade@mono-cvs.ximian.com>2007-10-18 01:37:31 +0400
commit89e6d7516be31693f695aed9fd8fa5dda77ecafe (patch)
treebf545c77e8a4d94ce13a6c4c8f736d144a6081ac
parentef21dfa4f165958a8d6e643e67fc2fbdc6a4b193 (diff)
Backport r87715 from trunk
svn path=/branches/mono-1-2-5/mcs/; revision=87716
-rw-r--r--mcs/class/System.Web/System.Web/ChangeLog14
-rw-r--r--mcs/class/System.Web/System.Web/StaticFileHandler.cs22
2 files changed, 35 insertions, 1 deletions
diff --git a/mcs/class/System.Web/System.Web/ChangeLog b/mcs/class/System.Web/System.Web/ChangeLog
index fc0abe32f00..24df9bf6b68 100644
--- a/mcs/class/System.Web/System.Web/ChangeLog
+++ b/mcs/class/System.Web/System.Web/ChangeLog
@@ -1,3 +1,17 @@
+2007-10-17 Marek Habersack <mhabersack@novell.com>
+
+ * StaticFileHandler.cs: fixed an bug with Mono running under
+ Windows operating systems which caused XSP to return source of the
+ requested page if the file name used in the request ended in any
+ number of spaces or dots. The problem lies in the way the Win32
+ subsystem treats such file names - it ignores the trailing
+ characters and allows the calling application to open a file on
+ disk even when its name does not contain the trailing characters
+ used in the open request. Such file names may be supported by the
+ underlying filesystem (e.g. NTFS) but they are not supported by
+ the I/O Win32 subsystem. The security issue is reported in
+ CVE security report CVE-2007-5473. Fixes bug #332401
+
2007-07-22 Vladimir Krasnov <vladimirk@mainsoft.com>
* HttpServerUtility.cs: fixed Execute, SetCurrentExePath should be
diff --git a/mcs/class/System.Web/System.Web/StaticFileHandler.cs b/mcs/class/System.Web/System.Web/StaticFileHandler.cs
index 2d90e43ba2a..224fab57e57 100644
--- a/mcs/class/System.Web/System.Web/StaticFileHandler.cs
+++ b/mcs/class/System.Web/System.Web/StaticFileHandler.cs
@@ -31,18 +31,38 @@
using System;
using System.Globalization;
using System.IO;
+using System.Web.Util;
namespace System.Web
{
class StaticFileHandler : IHttpHandler
{
+ static bool runningWindows = RunningOnWindows ();
+
+ static bool RunningOnWindows ()
+ {
+ int pid = (int)Environment.OSVersion.Platform;
+ return (pid != 4 && pid != 128);
+ }
+
+ static bool ValidFileName (string fileName)
+ {
+ if (!runningWindows)
+ return true;
+
+ if (fileName == null || fileName.Length == 0)
+ return false;
+
+ return (!StrUtils.EndsWith (fileName, " ") && !StrUtils.EndsWith (fileName, "."));
+ }
+
public void ProcessRequest (HttpContext context)
{
HttpRequest request = context.Request;
HttpResponse response = context.Response;
string fileName = request.PhysicalPath;
FileInfo fi = new FileInfo (fileName);
- if (!fi.Exists)
+ if (!fi.Exists || !ValidFileName (fileName))
throw new HttpException (404, "File '" + request.FilePath + "' not found.");
if ((fi.Attributes & FileAttributes.Directory) != 0) {
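Review bot: `ValidFileName` is a denylist of exactly two trailing characters, so the 404 in `ProcessRequest` only holds if this method lists every way Win32 can resolve a differently spelled name to an existing file. Only the space and dot cases described for CVE-2007-5473 are covered. I would state that limit in a comment above the method, e.g. `// Win32 ignores trailing spaces and dots when opening a file; reject such names so a request cannot reach a file under an alias`, and run the name test before the existence probe: `if (!ValidFileName (fileName) || !fi.Exists)`. The literals in `RunningOnWindows` also need a comment such as `// 4 = PlatformID.Unix, 128 = Unix on older Mono runtimes`, because every other platform value is treated as Windows. `ProcessRequest` continues past the end of the hunk, so how the file is opened and sent afterwards is not visible here.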