Date: 22 Mar 2002 15:00:55 -0000
Message-ID: <20020322150055.1430.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Subject: DO NOT REPLY [Bug 7364] New: - compiler creates empty .java files for invalid URLs

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7364

Summary: compiler creates empty .java files for invalid URLs
Product: Tomcat 4
Version: 4.0.2 Final
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Minor
Priority: Other
Component: Jasper
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: fred@stsci.edu

If you enter an invalid URL that ends with .jsp, Tomcat creates zero length files in the work directory that never get cleaned up. We see these a lot in development, but not too many with operational systems.
Someone could use this to be malicious and get the server into a state where you could not create new work files for valid URLs, so it should probably be fixed as a potential denial of service. I.e., if the URL is invalid and the JSP file does not exist, don't create the .java file in the work directory. Currently I have 11 of those zero length files due to typos on my part when entering the URL in the browser.
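
An operator-side check for the condition this report describes, as an added example that is not part of the original bug report or of Tomcat: a POSIX shell audit that lists and counts zero-length .java files under a Jasper work directory and signals when the count exceeds a limit. The function names, the limit, and the directory passed in are assumptions.

```shell
#!/bin/sh
# Added example: audit a Jasper work directory for zero-length generated
# .java files. The directory and limit are supplied by the operator
# (assumptions, not values from the bug report).

# Print every zero-length .java file under directory $1, one per line.
# "-size 0" is POSIX and matches only files occupying zero blocks (empty files).
list_empty_java() {
    find "$1" -type f -name '*.java' -size 0 2>/dev/null
}

# Print the number of zero-length .java files under directory $1.
count_empty_java() {
    list_empty_java "$1" | wc -l | tr -d ' '
}

# Monitoring hook: return 0 while the count is at or below limit $2,
# return 1 (with an ALERT line) once it is exceeded.
check_empty_java() {
    dir=$1
    limit=$2
    n=$(count_empty_java "$dir")
    if [ "$n" -gt "$limit" ]; then
        echo "ALERT: $n zero-length .java files under $dir (limit $limit)"
        return 1
    fi
    echo "OK: $n zero-length .java files under $dir (limit $limit)"
    return 0
}

# Stand-alone use: sh audit.sh <work-dir> [limit]
if [ "$#" -ge 1 ]; then
    check_empty_java "$1" "${2:-0}"
fi
```

Run from cron or a monitoring agent, the non-zero exit status gives an early signal that requests for nonexistent .jsp paths are accumulating files in the work directory.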