tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Larry Isaacs <Larry.Isa...@sas.com>
Subject RE: Bug in safe url parsing
Date Tue, 05 Feb 2002 20:01:53 GMT
This looks good to me.  Also, CharChunk looks like it has
the same problem.  Could you go ahead and fix that
on as well.  Thanks.

Cheers,
Larry

> -----Original Message-----
> From: Keith Wannamaker [mailto:Keith@Wannamaker.org]
> Sent: Tuesday, February 05, 2002 12:45 PM
> To: Tomcat Developers List
> Cc: larryi@apache.org
> Subject: Bug in safe url parsing
> 
> 
> Greetings,
> 
> There is a bug in ByteChunk.indexOf which manifests itself
> in the safe url parsing.  That is, BC.indexOf returns an
> offset relative to the start of the byte buffer, rather
> than the internal starting point.
> 
> So, when safe url checks for indexOf('%'), depending on the
> length of the method name, a number of %'s at the beginning
> of the URL may be missed.
> 
> So, the following URLs would be tagged as safe (currently):
> GET /wannamak/%25%5C
> 
> A quick fix is to use indexOf("%"), which converts the
> relevant part of the byte array to a string, so the offset
> is correct.
> 
> However, I think that it would be better to correct BC.indexOf
> in the following manner:
> 
> Index: ByteChunk.java
> ===================================================================
> RCS file: 
> /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/buf/ByteChun
> k.java,v
> retrieving revision 1.8
> diff -u -r1.8 ByteChunk.java
> --- ByteChunk.java      19 Jul 2001 05:49:02 -0000      1.8
> +++ ByteChunk.java      5 Feb 2002 17:36:42 -0000
> @@ -626,7 +626,8 @@
>       * @param s the string
>       */
>      public int indexOf(char c, int starting) {
> -       return indexOf( buff, start+starting, end, c);
> +       int ret = indexOf( buff, start+starting, end, c);
> +       return (ret >= start) ? ret - start : -1;
>      }
> 
>      public static int  indexOf( byte bytes[], int off, int 
> end, char qq )
> 
> I will commit this later today if I hear no objection.
> 
> Regards,
> Keith
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:tomcat-dev-help@jakarta.apache.org>
> 

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message