tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cost...@covalent.net>
Subject RE: Bug in safe url parsing
Date Wed, 06 Feb 2002 01:59:30 GMT
On Tue, 5 Feb 2002, Larry Isaacs wrote:

> This looks good to me.  Also, CharChunk looks like it has
> the same problem.  Could you go ahead and fix that
> on as well.  Thanks.

And please, update j-t-c/util package as well :-)


Costin


> > -----Original Message-----
> > From: Keith Wannamaker [mailto:Keith@Wannamaker.org]
> > Sent: Tuesday, February 05, 2002 12:45 PM
> > To: Tomcat Developers List
> > Cc: larryi@apache.org
> > Subject: Bug in safe url parsing
> >
> >
> > Greetings,
> >
> > There is a bug in ByteChunk.indexOf which manifests itself
> > in the safe url parsing.  That is, BC.indexOf returns an
> > offset relative to the start of the byte buffer, rather
> > than the internal starting point.
> >
> > So, when safe url checks for indexOf('%'), depending on the
> > length of the method name, a number of %'s at the beginning
> > of the URL may be missed.
> >
> > So, the following URLs would be tagged as safe (currently):
> > GET /wannamak/%25%5C
> >
> > A quick fix is to use indexOf("%"), which converts the
> > relevant part of the byte array to a string, so the offset
> > is correct.
> >
> > However, I think that it would be better to correct BC.indexOf
> > in the following manner:
> >
> > Index: ByteChunk.java
> > ===================================================================
> > RCS file:
> > /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/buf/ByteChun
> > k.java,v
> > retrieving revision 1.8
> > diff -u -r1.8 ByteChunk.java
> > --- ByteChunk.java      19 Jul 2001 05:49:02 -0000      1.8
> > +++ ByteChunk.java      5 Feb 2002 17:36:42 -0000
> > @@ -626,7 +626,8 @@
> >       * @param s the string
> >       */
> >      public int indexOf(char c, int starting) {
> > -       return indexOf( buff, start+starting, end, c);
> > +       int ret = indexOf( buff, start+starting, end, c);
> > +       return (ret >= start) ? ret - start : -1;
> >      }
> >
> >      public static int  indexOf( byte bytes[], int off, int
> > end, char qq )
> >
> > I will commit this later today if I hear no objection.
> >
> > Regards,
> > Keith
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:tomcat-dev-help@jakarta.apache.org>
> >
>
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message