tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6884] - Need Better Error Handling in WebappClassLoader.validateJarFile
Date Fri, 07 Jun 2002 16:45:54 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6884>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6884

Need Better Error Handling in WebappClassLoader.validateJarFile





------- Additional Comments From bob@jadn.com  2002-06-07 16:45 -------

I checked 4.1.3 and it also has this issue. The patch at the bottom adds
logging.  Although looking at the class, I am concerned that
WebappClassLoader.java only checks for one class "javax.servlet.Servlet.class"

Perahaps it would be wiser to loop through the jar's contents and reject it
if anything startsWith("javax/servlet/") ?


Index:
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
retrieving revision 1.39
diff -u -r1.39 WebappClassLoader.java
---
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java  
 
22 May 2002 23:35:52 -0000       1.39
+++
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java  
 
7 Jun 2002 16:35:48 -0000
@@ -1994,6 +1994,7 @@
                 log(" Checking for " + name);
             JarEntry jarEntry = jarFile.getJarEntry(name);
             if (jarEntry != null) {
+                log("validateJarFile("+jarfile+") - jar not loaded. See Servlet
Spec 2.3, section 9.7.2. Offending class: " + name);
                 jarFile.close();
                 return (false);
             }

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message