Applied workaround for ASP.NET vulnerability.

Dario Solera 2010-09-19 09:01:03 +00:00
parent c91d75223e
commit 770cc60d92
5 changed files with 19 additions and 2 deletions


@ -16,5 +16,5 @@ using System.Reflection;
// //
// You can specify all the values or you can default the Revision and Build Numbers // You can specify all the values or you can default the Revision and Build Numbers
// by using the '*' as shown below: // by using the '*' as shown below:
[assembly: AssemblyVersion("3.0.3.557")] [assembly: AssemblyVersion("3.0.3.558")]
[assembly: AssemblyFileVersion("3.0.3.557")] [assembly: AssemblyFileVersion("3.0.3.558")]


@ -9,6 +9,8 @@ using System.Web.UI;
using System.Web.UI.WebControls; using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts; using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls; using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
using System.Threading;
namespace ScrewTurn.Wiki { namespace ScrewTurn.Wiki {
@ -27,6 +29,18 @@ namespace ScrewTurn.Wiki {
pnlException.Visible = false; pnlException.Visible = false;
} }
Session["LastError"] = null; Session["LastError"] = null;
// Workaround for ASP.NET vulnerability
// http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
byte[] delay = new byte[1];
RandomNumberGenerator prng = new RNGCryptoServiceProvider();
prng.GetBytes(delay);
Thread.Sleep((int)delay[0]);
IDisposable disposable = prng as IDisposable;
if(disposable != null) { disposable.Dispose(); }
} }
} }
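Review bot: The two-line comment above the delay names the advisory but not what the delay is for or when it can be removed, so this sleep is likely to outlive the problem it mitigates. I would extend it to something like `// Temporary mitigation: sleep a random 0-255 ms so error responses cannot be distinguished by timing; remove once the vendor patch is installed.` Two smaller points on the same lines: `Thread.Sleep` holds a request thread for up to 255 ms on every hit to the error page, which matters under load, and `Dispose` is skipped if `GetBytes` or `Sleep` throws, so the disposal belongs in a `finally`. The enclosing method starts outside this hunk, so it is not visible whether anything before the delay can return early and bypass it.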


@ -49,6 +49,7 @@
or when rebuilding the search engine index or page links. or when rebuilding the search engine index or page links.
1 hour = 3600 seconds. --> 1 hour = 3600 seconds. -->
<httpRuntime executionTimeout="3600" maxRequestLength="20480"/> <httpRuntime executionTimeout="3600" maxRequestLength="20480"/>
<customErrors mode="On" defaultRedirect="~/Error.aspx" />
<pages enableViewState="true"> <pages enableViewState="true">
<controls> <controls>
<add assembly="Anthem" namespace="Anthem" tagPrefix="anthem"/> <add assembly="Anthem" namespace="Anthem" tagPrefix="anthem"/>
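Review bot: The added `<customErrors>` element sends errors to `~/Error.aspx` without a `redirectMode`, so the client sees a redirect followed by the error page rather than the error page served in place. If the site runs on .NET 3.5 SP1 or later, the vendor guidance for this workaround was, as far as I recall, `<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/Error.aspx" />`; please confirm against the advisory linked in the code change. The mitigation also depends on every error reaching the same page, so it is worth checking that no other `<customErrors>` block or per-status `<error>` child exists in the parts of the file this hunk does not show. The same element is added to the two other configuration files later in this commit, and the same points apply there.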


@ -49,6 +49,7 @@
or when rebuilding the search engine index or page links. or when rebuilding the search engine index or page links.
1 hour = 3600 seconds. --> 1 hour = 3600 seconds. -->
<httpRuntime executionTimeout="3600" maxRequestLength="20480"/> <httpRuntime executionTimeout="3600" maxRequestLength="20480"/>
<customErrors mode="On" defaultRedirect="~/Error.aspx" />
<pages enableViewState="true"> <pages enableViewState="true">
<controls> <controls>
<add assembly="Anthem" namespace="Anthem" tagPrefix="anthem"/> <add assembly="Anthem" namespace="Anthem" tagPrefix="anthem"/>


@ -49,6 +49,7 @@
or when rebuilding the search engine index or page links. or when rebuilding the search engine index or page links.
1 hour = 3600 seconds. --> 1 hour = 3600 seconds. -->
<httpRuntime executionTimeout="3600" maxRequestLength="20480"/> <httpRuntime executionTimeout="3600" maxRequestLength="20480"/>
<customErrors mode="On" defaultRedirect="~/Error.aspx" />
<pages enableViewState="true"> <pages enableViewState="true">
<controls> <controls>
<add assembly="Anthem" namespace="Anthem" tagPrefix="anthem"/> <add assembly="Anthem" namespace="Anthem" tagPrefix="anthem"/>