tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1058689 - in /tomcat/trunk: java/org/apache/catalina/users/LocalStrings.properties java/org/apache/catalina/users/MemoryUserDatabase.java webapps/docs/changelog.xml
Date Thu, 13 Jan 2011 17:55:55 GMT
Author: markt
Date: Thu Jan 13 17:55:55 2011
New Revision: 1058689

URL: http://svn.apache.org/viewvc?rev=1058689&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=18797
Provide null/zero-length protection

Modified:
    tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties
    tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties?rev=1058689&r1=1058688&r2=1058689&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties Thu Jan 13 17:55:55
2011
@@ -14,9 +14,12 @@
 # limitations under the License.
 
 memoryUserDatabase.invalidGroup=Invalid group name {0}
+memoryUserDatabase.notPersistable=User database is not persistable - no write permissions
on directory
+memoryUserDatabase.nullGroup=Null or zero length group name specified. The group will be
ignored.
+memoryUserDatabase.nullRole=Null or zero length role name specified. The role will be ignored.
+memoryUserDatabase.nullUser=Null or zero length user name specified. The user will be ignored.
+memoryUserDatabase.readOnly=User database has been configured to be read only. Changes cannot
be saved
 memoryUserDatabase.renameOld=Cannot rename original file to {0}
 memoryUserDatabase.renameNew=Cannot rename new file to {0}
 memoryUserDatabase.writeException=IOException writing to {0}
-memoryUserDatabase.notPersistable=User database is not persistable - no write permissions
on directory
-memoryUserDatabase.readOnly=User database has been configured to be read only. Changes cannot
be saved
 memoryUserDatabase.xmlFeatureEncoding=Exception configuring digester to permit java encoding
names in XML files. Only IANA encoding names will be supported.

Modified: tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java?rev=1058689&r1=1058688&r2=1058689&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java Thu Jan 13 17:55:55
2011
@@ -272,6 +272,12 @@ public class MemoryUserDatabase implemen
      */
     public Group createGroup(String groupname, String description) {
 
+        if (groupname == null || groupname.length() == 0) {
+            String msg = sm.getString("memoryUserDatabase.nullGroup");
+            log.warn(msg);
+            throw new IllegalArgumentException(msg);
+        }
+
         MemoryGroup group = new MemoryGroup(this, groupname, description);
         synchronized (groups) {
             groups.put(group.getGroupname(), group);
@@ -289,6 +295,12 @@ public class MemoryUserDatabase implemen
      */
     public Role createRole(String rolename, String description) {
 
+        if (rolename == null || rolename.length() == 0) {
+            String msg = sm.getString("memoryUserDatabase.nullRole");
+            log.warn(msg);
+            throw new IllegalArgumentException(msg);
+        }
+
         MemoryRole role = new MemoryRole(this, rolename, description);
         synchronized (roles) {
             roles.put(role.getRolename(), role);
@@ -308,12 +320,17 @@ public class MemoryUserDatabase implemen
     public User createUser(String username, String password,
                            String fullName) {
 
+        if (username == null || username.length() == 0) {
+            String msg = sm.getString("memoryUserDatabase.nullUser");
+            log.warn(msg);
+            throw new IllegalArgumentException(msg);
+        }
+
         MemoryUser user = new MemoryUser(this, username, password, fullName);
         synchronized (users) {
             users.put(user.getUsername(), user);
         }
         return (user);
-
     }
 
 
@@ -399,13 +416,13 @@ public class MemoryUserDatabase implemen
                 }
                 digester.addFactoryCreate
                     ("tomcat-users/group",
-                     new MemoryGroupCreationFactory(this));
+                     new MemoryGroupCreationFactory(this), true);
                 digester.addFactoryCreate
                     ("tomcat-users/role",
-                     new MemoryRoleCreationFactory(this));
+                     new MemoryRoleCreationFactory(this), true);
                 digester.addFactoryCreate
                     ("tomcat-users/user",
-                     new MemoryUserCreationFactory(this));
+                     new MemoryUserCreationFactory(this), true);
 
                 // Parse the XML input file to load this database
                 try {

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1058689&r1=1058688&r2=1058689&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Jan 13 17:55:55 2011
@@ -49,6 +49,11 @@
         <code>stderr</code> internally so users retain the option to treat the
         separately. (markt)
       </fix>
+      <add>
+        <bug>18797</bug>: Provide protection against <code>null</code>
or zero
+        length names being provided for users, roles and groups in the
+        <code>MemoryRealm</code> and <code>UserDatabaseRealm</code>.
(markt)
+      </add>
       <update>
         Improve fix for <bug>50205</bug> to trigger an error earlier if invalid
         configuration is used. (markt)



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message