RE: CheckSuspiciousPhysicalPath issue in ASP.Net Framework 1.1 SP1 fix

Anyone able to help at all?

"Leon" wrote:

> Hello all,
>
> I have come across an issue with the fix KB886903 -
> http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx which is to
> do with the ASP.Net path validation vulnerability. This fix is included
> automatically in SP1 for Windows Server 2003 also, and I have been unable to
> remove it until we can find out how to fix this problem.
>
> The error message is below,
>
> The path contains illegal characters.
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information about
> the error and where it originated in the code.
>
> Exception Details: System.ArgumentException: The path contains illegal
> characters.
>
> Source Error:
>
> An unhandled exception was generated during the execution of the current web
> request. Information regarding the origin and location of the exception can
> be identified using the exception stack trace below.
>
> Stack Trace:
>
> [ArgumentException: The path contains illegal characters.]
> System.IO.Path.nGetFullPathHelper(String path, Char[] invalidPathChars,
> Char[] whitespaceChars, Char directorySeparator, Char altDirectorySeparator,
> Char volumeSeparator, Boolean fullCheck, String& newPath) +0
> System.IO.Path.GetFullPathInternal(String path) +165
> System.IO.Path.GetFullPath(String path) +19
> System.Web.HttpApplication.CheckSuspiciousPhysicalPath(String
> physicalPath) +19
> System.Web.Configuration.HttpConfigurationSystem.ComposeConfig(String
> reqPath, IHttpMapPath configmap) +175
> System.Web.HttpContext.GetCompleteConfigRecord(String reqpath,
> IHttpMapPath configmap) +434
> System.Web.HttpContext.GetCompleteConfig() +49
> System.Web.HttpContext.GetConfig(String name) +195
> System.Web.CustomErrors.GetSettings(HttpContext context, Boolean
> canThrow) +20
> System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow)
> +39
> System.Web.HttpRuntime.FinishRequest(HttpWorkerRequest wr, HttpContext
> context, Exception e) +486
>
> The issue lies with the request we send within a frame. The requested url is
> in the form http://.../page.aspx/foldera/folderb/|/pic0001
>
> The pipe "|" character is causing us grief. If we put in %7c we still get
> the same error. If you install the KB886903 patch on WinXP or Server2003 this
> error occurs and IIS throws a HTTP500 error. If you uninstall it, it works
> perfectly.
>
> There is little on the internet about this error, and why we are getting it,
> especially since we are not doing anything nasty with the path. Is it because
> the "|" char is in System.Path.IO.InvalidPathChars array? Does this mean that
> any character in this array that is in a request will throw this exception?
>
> Any help would be fantastic, ideas ect - I'm lost as to how to deal with
> this, considering we don't even get to our page before this is throw by
> System.Web.dll. Can we get around it at all? Or will we be forced to change
> the url itself (and how, especially since '|' is fundamental to our webapp)
>
> Thank you - Leon
.