* WebConfigurationManager.cs:
make configurations synchronized.
added new internal method RemoveConfigurationFromCache.
* HttpApplication.cs:
prevent DOS attack: remove configuration from the cache in case
of invalid resource not exists
svn path=/trunk/mcs/; revision=77336
+2007-05-14 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * WebConfigurationManager.cs:
+ make configurations synchronized.
+ added new internal method RemoveConfigurationFromCache.
+
2007-05-07 Marek Habersack <mhabersack@novell.com>
* PagesSection.cs: buffering is on by default.
2007-05-07 Marek Habersack <mhabersack@novell.com>
* PagesSection.cs: buffering is on by default.
{
#if !TARGET_J2EE
static IInternalConfigConfigurationFactory configFactory;
{
#if !TARGET_J2EE
static IInternalConfigConfigurationFactory configFactory;
- static Hashtable configurations = new Hashtable ();
+ static Hashtable configurations = Hashtable.Synchronized (new Hashtable ());
#else
static internal IInternalConfigConfigurationFactory configFactory
{
#else
static internal IInternalConfigConfigurationFactory configFactory
{
lock (AppDomain.CurrentDomain){
object initialized = AppDomain.CurrentDomain.GetData("WebConfigurationManager.configurations.initialized");
if (initialized == null){
lock (AppDomain.CurrentDomain){
object initialized = AppDomain.CurrentDomain.GetData("WebConfigurationManager.configurations.initialized");
if (initialized == null){
- table = new Hashtable();
+ table = Hashtable.Synchronized (new Hashtable ());
configurations = table;
}
}
configurations = table;
}
}
conf = (_Configuration) configurations [path];
if (conf == null) {
conf = (_Configuration) configurations [path];
if (conf == null) {
- lock (configurations) {
- conf = (_Configuration) configurations [path];
- if (conf == null) {
conf = ConfigurationFactory.Create (typeof (WebConfigurationHost), null, path, site, locationSubPath, server, userName, password);
configurations [path] = conf;
conf = ConfigurationFactory.Create (typeof (WebConfigurationHost), null, path, site, locationSubPath, server, userName, password);
configurations [path] = conf;
public static object GetSection (string sectionName)
{
public static object GetSection (string sectionName)
{
- string path = (HttpContext.Current != null
- && HttpContext.Current.Request != null) ?
- HttpContext.Current.Request.Path : HttpRuntime.AppDomainAppVirtualPath;
-
- return GetSection (sectionName, path);
+ return GetSection (sectionName, GetCurrentPath (HttpContext.Current));
}
public static object GetSection (string sectionName, string path)
}
public static object GetSection (string sectionName, string path)
return get_runtime_object.Invoke (section, new object [0]);
}
return get_runtime_object.Invoke (section, new object [0]);
}
+ static string GetCurrentPath (HttpContext ctx)
+ {
+ return (ctx != null && ctx.Request != null) ? ctx.Request.Path : HttpRuntime.AppDomainAppVirtualPath;
+ }
+
+ internal static void RemoveConfigurationFromCache (HttpContext ctx)
+ {
+ configurations.Remove (GetCurrentPath (ctx));
+ }
+
readonly static MethodInfo get_runtime_object = typeof (ConfigurationSection).GetMethod ("GetRuntimeObject", BindingFlags.NonPublic | BindingFlags.Instance);
public static object GetWebApplicationSection (string sectionName)
readonly static MethodInfo get_runtime_object = typeof (ConfigurationSection).GetMethod ("GetRuntimeObject", BindingFlags.NonPublic | BindingFlags.Instance);
public static object GetWebApplicationSection (string sectionName)
+2007-05-14 Igor Zelmanovich <igorz@mainsoft.com>
+
+ * HttpApplication.cs:
+ prevent DOS attack: remove configuration from the cache in case
+ of invalid resource not exists
+
2007-05-14 Vladimir Krasnov <vladimirk@mainsoft.com>
* TraceContext.cs: refactoring, cached TraceManager
2007-05-14 Vladimir Krasnov <vladimirk@mainsoft.com>
* TraceContext.cs: refactoring, cached TraceManager
#else
static Exception initialization_exception;
#endif
#else
static Exception initialization_exception;
#endif
+ bool removeConfigurationFromCache;
}
}
stop_processing = true;
}
}
stop_processing = true;
+#if NET_2_0
+ // we want to remove configuration from the cache in case of
+ // invalid resource not exists to prevent DOS attack.
+ HttpException httpEx = e as HttpException;
+ if (httpEx != null && httpEx.GetHttpCode () == 404) {
+ removeConfigurationFromCache = true;
+ }
+#endif
+#if NET_2_0
+ if (removeConfigurationFromCache) {
+ WebConfigurationManager.RemoveConfigurationFromCache (context);
+ removeConfigurationFromCache = false;
+ }
+#endif
Thread th = Thread.CurrentThread;
#if !TARGET_JVM
if (Thread.CurrentPrincipal != prev_user)
Thread th = Thread.CurrentThread;
#if !TARGET_JVM
if (Thread.CurrentPrincipal != prev_user)