ISAPI and parameter passing

Question

User-691911558 posted

Windows Server 2012 R2 with IIS 8.5

ISAPI extension 

Version 1:

ON_PARSE_COMMAND(myfunction, CxxxExtension, IT_PSTR)
void CsxxxExtension::myfunction( CHttpServerContext* pCtxt, char* params)

Result: Works fine, but intermittent heap error in case of parallel requests, occuring each 3-7 days in a productive environment. 
After days of analysis: it seems that the url-decoding of %xx in ISAPI-MFC (file isapi.cpp) assumes ending 0 in the parameter string, which intermittently (after several hundred parallel requests, three active threads) is not the case. MFC routine then overwrites heap control blocks and we obtain a break with _ASSERTE( _CrtCheckMemory());.

This is why we switched to IT_RAW:

Version 2:

ON_PARSE_COMMAND(myfunction, CxxxExtension, IT_RAW)
void CxxxExtension::myfunction( CHttpServerContext* pCtxt, void* pVoid, DWORD dwBytes)

Problem: dwBytes does not point behind the string value given in pVoid, but around 20 Byes more, covering the next block in heap. It looks like the length of "MfcISAPICommand=myfunction" in the URL query string is not subtracted from dwBytes.
Moreover, no reliable ending 0 at end of string pVoid. So it is necessary to "guess" the real end of pVoid data.

We now live with Version 2. Quite unsatisfying situation. How can it be that such bugs are hidden in a relatively old and proven technology like ISAPI? Any hints what we could have done wrong?

Our ISAPI extensiondll is compiled with  /MT and uses the standard Windows MFC libraries.

PS  on   October 11, 2018
I'm not sure whether the version of "isapi.cpp" which I found in internet is still the one Microsoft uses to build the MFCfiles. But in this version the error is quite clear:

// coding from isapi.cpp:

if (*pb == IT_RAW)
...
pStack = StoreRawStackParameter(pStack, IT_PSTR, pbParam);
pStack = StoreRawStackParameter(pStack, IT_I4,
(BYTE*) &(pCtxt->m_dwBytesReceived));

which means that the total length of the query string is passed to "myfunction",but pbParam already proints behind the first part of the query string which is "MfcISAPICommand=myfunction".
 

Answer 1

User-667717842 posted

The ISAPI project template has been removed in visual studio 2005. There is an article explain this: https://support.microsoft.com/en-us/help/910382/explains-that-you-cannot-find-the-mfc-isapi-extension-dll-template-und. This is by design. If you find bugs. Product team may be not have plan to fix it. It is also hard for us to reproduce and troubleshot this type issue. Currently, ISAPI extensions were analogous to HttpHandlers. If you are looking to extend web server functionality, I would suggest you use handler instead.

Answer 2

User-691911558 posted
Thanks for your reply.
I know that Microsoft removed the ISAPI template in VS2005. But the bug concerns the ISAPI runtime which is contained in all IIS releases including IIS 10 in Windows 10. ISAPI also is the IIS mechanism used in ASP.NET and PHP.
You write 'If you find bugs product team may be not have plans to fix it.' Does this mean that ISAPI runtime is no longer supported? If yes, according to which MS announcement?
You write 'It is also hard for us to reproduce and troubleshoot this type oft issue'. I agree on that but this is part of our job, isn't it?
It seems that our only realistic chance to motivate MS to look at this problem is to have a test case for the Intermittent heap exception in a pure ASP.NET environment.

Answer 3

User690216013 posted

You can see the official examples are MFC free, https://github.com/Microsoft/Windows-classic-samples/tree/master/Samples/Win7Samples/web/iis That's what they mean by retiring the old VS template.

Answer 4

User-691911558 posted

Thanks fo the link, Lex. We will change our dll to ISAPI without MFC hoping that this will cure the heap problem. I*ll report the outcome in this thread.