wcrisman/Brainstorm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modified build script to use jdk 1.7 instead of 1.5 for building the release compile; Added debug output to try to identify the error where interestOps isn't set properly for a socket that isn't yet closed; Fixed index exception in identifying the host.

Browse Source
This commit is contained in:
Wynne Crisman
2016-02-22 10:27:22 -08:00
parent 439eca5e9d
commit 5d9ea7528b
3 changed files with 35 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Foundation Builder/builder/build.xml
View File

@@ -113,7 +113,8 @@
<target name="release-compile" depends="make-dirs"> <target name="release-compile" depends="make-dirs">
<mkdir dir="${archives}/release-bin"/> <mkdir dir="${archives}/release-bin"/>
<javac destdir="${archives}/release-bin" executable="c:/java/jdk1.5/bin/javac" encoding="utf-8" nowarn="true" verbose="no" fork="true" classpath="${swt-releases}/win32-win32-x86/swt.jar;${orb-exception-support};${workspace}/Foundation TCV SWT Client Application/proxies;"> <!--<javac destdir="${archives}/release-bin" executable="c:/java/jdk1.5/bin/javac" encoding="utf-8" nowarn="true" verbose="no" fork="true" classpath="${swt-releases}/win32-win32-x86/swt.jar;${orb-exception-support};${workspace}/Foundation TCV SWT Client Application/proxies;">-->
<javac destdir="${archives}/release-bin" executable="c:/java/jdk1.7/bin/javac" encoding="utf-8" nowarn="true" verbose="no" fork="true" classpath="${swt-releases}/win32-win32-x86/swt.jar;${orb-exception-support};${workspace}/Foundation TCV SWT Client Application/proxies;">
<src path="${workspace}/Common/src"/> <src path="${workspace}/Common/src"/>
<src path="${workspace}/Class File Services/src"/> <src path="${workspace}/Class File Services/src"/>
<src path="${workspace}/Orb/src"/> <src path="${workspace}/Orb/src"/>

2
Foundation Web Core/src/com/foundation/web/server/NetworkListener.java
View File

@@ -238,7 +238,7 @@ public void run() {
}//else if// }//else if//
else { else {
//This shouldn't be called I don't think.// //This shouldn't be called I don't think.//
Debug.log(new RuntimeException("Woops! Somehow we aren't closed and we didn't setup the interestOps for the HTTP socket!")); Debug.log(new RuntimeException("Woops! Somehow we aren't closed and we didn't setup the interestOps for the HTTP socket! {" + context.toString() + "}"));
}//else// }//else//
}//finally// }//finally//
}//run()// }//run()//

54
Foundation Web Core/src/com/foundation/web/server/SocketContext.java
View File

@@ -1259,32 +1259,36 @@ private boolean processRequestedHost(ByteBuffer fragment) throws IOException {
totalHeaderSize++; totalHeaderSize++;
}//while// }//while//
//If we have the minimum number of bytes and the last bytes are a line end, then check the line for "Host: xxxxxxx\r\n" //If we have a full line...
String line = buffer.toString().substring(0, buffer.length() - 2).trim(); if(buffer.length() > 1 && (buffer.charAt(buffer.length() - 2) == '\r') && (buffer.charAt(buffer.length() - 1) == '\n')) {
if(line.startsWith("Host: ")) { //If we have the minimum number of bytes and the last bytes are a line end, then check the line for "Host: xxxxxxx\r\n"
int colonIndex; String line = buffer.toString().substring(0, buffer.length() - 2).trim();
host = line.substring(6).trim(); if(line.startsWith("Host: ")) {
colonIndex = host.indexOf(':'); int colonIndex;
host = line.substring(6).trim();
colonIndex = host.indexOf(':');
if(colonIndex > 0) {
host = host.substring(0, colonIndex);
}//if//
}//if//
if(colonIndex > 0) { if(host == null) {
host = host.substring(0, colonIndex); if(buffer.length() == 2) {
//End of the header reached. No host provided. Kill the connection?//
//Force the connection to the client to be closed.//
close();
//Throw an exception that should not be logged. This happens occationally when an attacker tries to exploit any header reading weaknesses (all major browsers send a host header).//
throw new IgnoredIOException(null);
}//if//
else {
//Clear the line.//
buffer.setLength(0);
}//else//
}//if// }//if//
}//if// }//if//
if(host == null) {
if(buffer.length() == 2) {
//End of the header reached. No host provided. Kill the connection?//
//Force the connection to the client to be closed.//
close();
//Throw an exception that should not be logged. This happens occationally when an attacker tries to exploit any header reading weaknesses (all major browsers send a host header).//
throw new IgnoredIOException(null);
}//if//
else {
//Clear the line.//
buffer.setLength(0);
}//else//
}//if//
}//while// }//while//
//If we found the complete first line of the header before running out of bytes, then identify the application.// //If we found the complete first line of the header before running out of bytes, then identify the application.//
@@ -2237,4 +2241,10 @@ private int indexOf(byte[] source, byte[] pattern, int fromOffset) {
return result; return result;
}//indexOf()// }//indexOf()//
/* (non-Javadoc)
* @see java.lang.Object#toString()
*/
public String toString() {
return "Domain: " + domain + "; SSL: " + (sslEngine != null) + "; Websocket: " + isWebsocket;
}//toString()//
}//SocketContext// }//SocketContext//