[Mono-dev] : RE: [Mono-patches] r77337 - inbranches/mainsoft/gh20/mcs/class/System.Web: System.WebSystem.Web.Configuration_2.0

Tue May 15 05:34:26 EDT 2007

Hi, Igor.

I believe that you still need to lock the configuration when you add an
element to it. Or is it OK for the WebConfigurationHost instance not to
unique under stress (if there is a race to initialize it).

@@ -186,13 +186,8 @@
 
 			conf = (_Configuration) configurations [path];
 			if (conf == null) {
-				lock (configurations) {
-					conf = (_Configuration)
configurations [path];
-					if (conf == null) {
 						conf =
ConfigurationFactory.Create (typeof (WebConfigurationHost), null, path,
site, locationSubPath, server, userName, password);
 						configurations [path] =
conf;
-					}
-				}
 			}
 			return conf;
 		}

-----Original Message-----
From: mono-patches-bounces at lists.ximian.com
[mailto:mono-patches-bounces at lists.ximian.com] On Behalf Of Igor
Zalmanovich (igorz at mainsoft.com)
Sent: 14 May 2007 11:56
To: mono-patches at lists.ximian.com; ximian.monolist at gmail.com;
mono-svn-patches-garchive-20758 at googlegroups.com
Subject: [Mono-patches] r77337 -
inbranches/mainsoft/gh20/mcs/class/System.Web:
System.WebSystem.Web.Configuration_2.0

Author: igorz
Date: 2007-05-14 05:56:09 -0400 (Mon, 14 May 2007)
New Revision: 77337

Modified:
 
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/ChangeLog
 
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/WebConfigurationManager.cs
   branches/mainsoft/gh20/mcs/class/System.Web/System.Web/ChangeLog
 
branches/mainsoft/gh20/mcs/class/System.Web/System.Web/HttpApplication.c
s
Log:
merged r77335-77336

Modified:
branches/mainsoft/gh20/mcs/class/System.Web/System.Web/ChangeLog
===================================================================

--- branches/mainsoft/gh20/mcs/class/System.Web/System.Web/ChangeLog
2007-05-14 09:47:41 UTC (rev 77336)
+++ branches/mainsoft/gh20/mcs/class/System.Web/System.Web/ChangeLog
2007-05-14 09:56:09 UTC (rev 77337)
@@ -1,3 +1,9 @@
+2007-05-14 Igor Zelmanovich <igorz at mainsoft.com>
+
+	* HttpApplication.cs:
+	prevent DOS attack: remove configuration from the cache in case 
+	of invalid resource not exists	
+
 2007-05-14  Vladimir Krasnov  <vladimirk at mainsoft.com>
 
 	* TraceContext.cs: refactoring, cached TraceManager

Modified:
branches/mainsoft/gh20/mcs/class/System.Web/System.Web/HttpApplication.c
s
===================================================================
---
branches/mainsoft/gh20/mcs/class/System.Web/System.Web/HttpApplication.c
s	2007-05-14 09:47:41 UTC (rev 77336)
+++
branches/mainsoft/gh20/mcs/class/System.Web/System.Web/HttpApplication.c
s	2007-05-14 09:56:09 UTC (rev 77337)
@@ -145,6 +145,7 @@
 #else
 		static Exception initialization_exception;
 #endif
+		bool removeConfigurationFromCache;
 #else
 		HandlerFactoryConfiguration factory_config;
 #endif
@@ -641,6 +642,14 @@
 				}
 			}
 			stop_processing = true;
+#if NET_2_0
+			// we want to remove configuration from the
cache in case of 
+			// invalid resource not exists to prevent DOS
attack.
+			HttpException httpEx = e as HttpException;
+			if (httpEx != null && httpEx.GetHttpCode () ==
404) {
+				removeConfigurationFromCache = true;
+			}
+#endif
 		}
 		
 		//
@@ -1096,6 +1105,12 @@
 
 		void PostDone ()
 		{
+#if NET_2_0
+			if (removeConfigurationFromCache) {
+
WebConfigurationManager.RemoveConfigurationFromCache (context);
+				removeConfigurationFromCache = false;
+			}
+#endif
 			Thread th = Thread.CurrentThread;
 #if !TARGET_JVM
 			if (Thread.CurrentPrincipal != prev_user)

Modified:
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/ChangeLog
===================================================================
---
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/ChangeLog	2007-05-14 09:47:41 UTC (rev 77336)
+++
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/ChangeLog	2007-05-14 09:56:09 UTC (rev 77337)
@@ -1,3 +1,9 @@
+2007-05-14  Igor Zelmanovich <igorz at mainsoft.com>
+
+	* WebConfigurationManager.cs: 
+	make configurations synchronized.
+	added new internal method RemoveConfigurationFromCache.
+
 2007-04-19  Marek Habersack  <mhabersack at novell.com>
 
 	* HttpHandlerAction.cs: look up types in all the toplevel

Modified:
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/WebConfigurationManager.cs
===================================================================
---
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/WebConfigurationManager.cs	2007-05-14 09:47:41 UTC (rev 77336)
+++
branches/mainsoft/gh20/mcs/class/System.Web/System.Web.Configuration_2.0
/WebConfigurationManager.cs	2007-05-14 09:56:09 UTC (rev 77337)
@@ -45,7 +45,7 @@
 	{
 #if !TARGET_J2EE
 		static IInternalConfigConfigurationFactory
configFactory;
-		static Hashtable configurations = new Hashtable ();
+		static Hashtable configurations = Hashtable.Synchronized
(new Hashtable ());
 #else
 		static internal IInternalConfigConfigurationFactory
configFactory
 		{
@@ -79,7 +79,7 @@
 					lock (AppDomain.CurrentDomain){
 						object initialized =
AppDomain.CurrentDomain.GetData("WebConfigurationManager.configurations.
initialized");
 						if (initialized ==
null){
-							table = new
Hashtable();
+							table =
Hashtable.Synchronized (new Hashtable ());
 							configurations =
table;
 						}
 					}
@@ -186,13 +186,8 @@
 
 			conf = (_Configuration) configurations [path];
 			if (conf == null) {
-				lock (configurations) {
-					conf = (_Configuration)
configurations [path];
-					if (conf == null) {
 						conf =
ConfigurationFactory.Create (typeof (WebConfigurationHost), null, path,
site, locationSubPath, server, userName, password);
 						configurations [path] =
conf;
-					}
-				}
 			}
 			return conf;
 		}
@@ -225,11 +220,7 @@
 
 		public static object GetSection (string sectionName)
 		{
-			string path = (HttpContext.Current != null
-			    && HttpContext.Current.Request != null) ?
-				HttpContext.Current.Request.Path :
HttpRuntime.AppDomainAppVirtualPath;
-
-			return GetSection (sectionName, path);
+			return GetSection (sectionName, GetCurrentPath
(HttpContext.Current));
 		}
 
 		public static object GetSection (string sectionName,
string path)
@@ -243,6 +234,16 @@
 			return get_runtime_object.Invoke (section, new
object [0]);
 		}
 
+		static string GetCurrentPath (HttpContext ctx)
+		{
+			return (ctx != null && ctx.Request != null) ?
ctx.Request.Path : HttpRuntime.AppDomainAppVirtualPath;
+		}
+
+		internal static void RemoveConfigurationFromCache
(HttpContext ctx)
+		{
+			configurations.Remove (GetCurrentPath (ctx));
+		}
+
 		readonly static MethodInfo get_runtime_object = typeof
(ConfigurationSection).GetMethod ("GetRuntimeObject",
BindingFlags.NonPublic | BindingFlags.Instance);
 
 		public static object GetWebApplicationSection (string
sectionName)

_______________________________________________
Mono-patches maillist  -  Mono-patches at lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-patches

