From ma...@apache.org
Subject svn commit: r783291 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Date Wed, 10 Jun 2009 11:11:35 GMT
Author: markt
Date: Wed Jun 10 11:11:34 2009
New Revision: 783291

URL: http://svn.apache.org/viewvc?rev=783291&view=rev
Log:
Fix port for CVE-2008-5515.
FileDirContext needs own normalize method as RequestUtil is not visible due to class loader
structure

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java?rev=783291&r1=783290&r2=783291&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
(original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Wed Jun 10 11:11:34 2009
@@ -37,7 +37,6 @@
 import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
 
-import org.apache.catalina.util.RequestUtil;
 import org.apache.naming.NamingContextBindingsEnumeration;
 import org.apache.naming.NamingContextEnumeration;
 import org.apache.naming.NamingEntry;
@@ -774,10 +773,58 @@
      */
     protected String normalize(String path) {
 
-        return RequestUtil.normalize(path, File.separatorChar == '\\');
+        if (path == null)
+            return null;
+
+        // Create a place for the normalized path
+        String normalized = path;
+
+        if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0)
+            normalized = normalized.replace('\\', '/');
+
+        if (normalized.equals("/."))
+            return "/";
+
+        // Add a leading "/" if necessary
+        if (!normalized.startsWith("/"))
+            normalized = "/" + normalized;
+
+        // Resolve occurrences of "//" in the normalized path
+        while (true) {
+            int index = normalized.indexOf("//");
+            if (index < 0)
+                break;
+            normalized = normalized.substring(0, index) +
+                normalized.substring(index + 1);
+        }
+
+        // Resolve occurrences of "/./" in the normalized path
+        while (true) {
+            int index = normalized.indexOf("/./");
+            if (index < 0)
+                break;
+            normalized = normalized.substring(0, index) +
+                normalized.substring(index + 2);
+        }
+
+        // Resolve occurrences of "/../" in the normalized path
+        while (true) {
+            int index = normalized.indexOf("/../");
+            if (index < 0)
+                break;
+            if (index == 0)
+                return (null);  // Trying to go outside our context
+            int index2 = normalized.lastIndexOf('/', index - 1);
+            normalized = normalized.substring(0, index2) +
+                normalized.substring(index + 3);
+        }
+
+        // Return the normalized path that we have completed
+        return (normalized);
 
     }
 
+
     /**
      * Return a File object representing the specified normalized
      * context-relative path if it exists and is readable.  Otherwise,
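Review bot: The `/../` loop in the new normalize() body only matches a parent segment that is followed by a slash, so a path ending in `/..` (a bare `/..` included) is returned unchanged instead of being collapsed or rejected with null, and a trailing `/.` is likewise left in place. Since this method is the port of a path-traversal fix, I would make the trailing segments go through the same loops by appending a slash before them and stripping it again afterwards, as sketched below. Whether the callers apply a further canonical-path check to the result is not visible in this hunk, so the practical exposure may be limited, but the method should not depend on that. The Javadoc for normalize() starts above the hunk; it would be worth stating there that null means the path tried to leave the context.

```java
        // Add a leading "/" if necessary
        if (!normalized.startsWith("/"))
            normalized = "/" + normalized;

        // Treat a trailing "/." or "/.." as a directory segment so the
        // resolution loops below also see it
        boolean addedTrailingSlash = false;
        if (normalized.endsWith("/.") || normalized.endsWith("/..")) {
            normalized = normalized + "/";
            addedTrailingSlash = true;
        }

        // … unchanged: "//", "/./" and "/../" resolution loops …

        // Drop the slash added above, but keep a bare "/"
        if (addedTrailingSlash && normalized.length() > 1)
            normalized = normalized.substring(0, normalized.length() - 1);

        // Return the normalized path that we have completed
        return (normalized);
```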




