File xsp-null-in-url.diff of Package xsp
diff -Nruw old/src/Mono.WebServer/InitialWorkerRequest.cs new/src/Mono.WebServer/InitialWorkerRequest.cs
--- old/src/Mono.WebServer/InitialWorkerRequest.cs 2018-04-05 14:30:32.000000000 +0000
+++ new/src/Mono.WebServer/InitialWorkerRequest.cs 2024-05-28 15:43:05.069271900 +0000
@@ -211,14 +211,14 @@
return false;
}
- int qmark = path.IndexOf ('?');
+ int qmark = path.IndexOf ("?", StringComparison.Ordinal);
if (qmark != -1) {
queryString = path.Substring (qmark + 1);
path = path.Substring (0, qmark);
}
path = GetSafePath (path);
- if (path.StartsWith ("/~/")) {
+ if (path.StartsWith ("/~/", StringComparison.Ordinal)) {
// Not sure about this. It makes request such us /~/dir/file work
path = path.Substring (2);
}
@@ -232,7 +232,7 @@
path = HttpUtility.UrlDecode (path);
path = path.Replace ('\\','/');
- while (path.IndexOf ("//") != -1)
+ while (path.IndexOf ("//", StringComparison.Ordinal) != -1)
path = path.Replace ("//", "/");
string [] parts = path.Split ('/');
diff -Nruw old/src/Mono.WebServer.XSP/XSPApplicationHost.cs new/src/Mono.WebServer.XSP/XSPApplicationHost.cs
--- old/src/Mono.WebServer.XSP/XSPApplicationHost.cs 2018-04-05 14:30:32.000000000 +0000
+++ new/src/Mono.WebServer.XSP/XSPApplicationHost.cs 2024-05-29 16:55:43.851012000 +0000
@@ -64,6 +64,7 @@
localEP, remoteEP, verb, path, queryString,
protocol, inputBuffer, socket, secure);
+ try {
if (secure) {
// note: we're only setting what we use (and not the whole lot)
mwr.AddServerVariable ("CERT_KEYSIZE", ssl.KeySize.ToString (CultureInfo.InvariantCulture));
@@ -95,7 +96,12 @@
mwr.AddServerVariable ("CERT_SERVER_SUBJECT", server.Subject);
}
}
+ } catch (Exception) {
+ SendError (mwr, 500, "Internal Server Error");
+ throw; //< let caller know (and log?) error..
+ }
+ try {
string translated = mwr.GetFilePathTranslated ();
if (path [path.Length - 1] != '/' && Directory.Exists (translated))
redirect = path + '/';
@@ -105,6 +111,10 @@
broker.UnregisterRequest (reqId);
return;
}
+ } catch (Exception) {
+ SendError (mwr, 400, "Bad Request");
+ throw; //< let caller know (and log?) error..
+ }
ProcessRequest (mwr);
}
@@ -131,5 +141,18 @@
wr.FlushResponse (true);
wr.CloseConnection ();
}
+
+ void SendError (XSPWorkerRequest wr, int status, string message)
+ {
+ if (!wr.IsClientConnected () || wr.HeadersSent())
+ goto finish;
+
+ wr.SendStatus (status, message);
+ wr.SendUnknownResponseHeader ("Content-Type", "text/html; charset=utf-8");
+ wr.SendUnknownResponseHeader ("Content-Length", "0");
+ wr.FlushResponse (true);
+ finish:
+ EndOfRequest (wr);
+ }
}
}
diff -Nruw old/src/Mono.WebServer.XSP/XSPWorker.cs new/src/Mono.WebServer.XSP/XSPWorker.cs
--- old/src/Mono.WebServer.XSP/XSPWorker.cs 2020-01-21 19:45:53.000000000 +0000
+++ new/src/Mono.WebServer.XSP/XSPWorker.cs 2024-05-29 16:51:02.943705400 +0000
@@ -142,6 +142,7 @@
// error here.
//
Logger.Write (e);
+ HandleInitialException (e);
return;
}
@@ -159,9 +160,26 @@
broker = (XSPRequestBroker) vapp.RequestBroker;
requestId = broker.RegisterRequest (this);
+ string redirect = string.Empty;
try {
- string redirect;
vapp.Redirect (rdata.Path, out redirect);
+ } catch (FileNotFoundException fnf) {
+ // We print this one, as it might be a sign of a bad deployment
+ // once we require the .exe and Mono.WebServer in bin or the GAC.
+ Logger.Write (fnf);
+ HandleInitialException (fnf);
+ return;
+ } catch (IOException ioe) {
+ // This is ok (including EndOfStreamException)
+ HandleInitialException (ioe);
+ return;
+ } catch (Exception e) {
+ Logger.Write (e);
+ HandleInitialException (e);
+ return;
+ }
+
+ try {
host.ProcessRequest (requestId, localEP,
remoteEP, rdata.Verb,
rdata.Path, rdata.QueryString,
