tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From craig...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core LocalStrings.properties StandardContextMapper.java
Date Fri, 11 May 2001 23:20:12 GMT
craigmcc    01/05/11 16:20:12

  Modified:    catalina/src/share/org/apache/catalina/core
                        LocalStrings.properties StandardContextMapper.java
  Log:
  Return error 400 if the user uses invalid characters (including %00 and
  %7f) in a URI.  This fixes a security vulnerability, present in 4.0-b4,
  that exposes JSP source code when you request:
  
    http://localhost:8080/examples/jsp/num/numguess.jsp%00
  
  This is the same vulnerability that Marc just patched in 3.2.2.
  
  Revision  Changes    Path
  1.33      +1 -0      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/LocalStrings.properties
  
  Index: LocalStrings.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/LocalStrings.properties,v
  retrieving revision 1.32
  retrieving revision 1.33
  diff -u -r1.32 -r1.33
  --- LocalStrings.properties	2001/05/04 05:07:07	1.32
  +++ LocalStrings.properties	2001/05/11 23:20:09	1.33
  @@ -67,6 +67,7 @@
   standardContext.stoppingWrapper=Exception stopping Wrapper for servlet {0}
   standardContext.urlDecode=Cannot URL decode request path {0}
   standardContext.urlPattern.patternWarning=WARNING: URL pattern {0} must start with a '/'
in Servlet 2.3
  +standardContext.urlValidate=Cannot validate URL decoded request path {0}
   standardContext.wrapper.error=JSP file {0} must start with a '/'
   standardContext.wrapper.warning=WARNING: JSP file {0} must start with a '/' in Servlet
2.3
   standardContext.invalidEnvEntryValue={0} environment entry has an invalid value for specified
type
  
  
  
  1.4       +31 -4     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextMapper.java
  
  Index: StandardContextMapper.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextMapper.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- StandardContextMapper.java	2001/03/30 20:44:20	1.3
  +++ StandardContextMapper.java	2001/05/11 23:20:10	1.4
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextMapper.java,v
1.3 2001/03/30 20:44:20 craigmcc Exp $
  - * $Revision: 1.3 $
  - * $Date: 2001/03/30 20:44:20 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextMapper.java,v
1.4 2001/05/11 23:20:10 craigmcc Exp $
  + * $Revision: 1.4 $
  + * $Date: 2001/05/11 23:20:10 $
    *
    * ====================================================================
    *
  @@ -85,7 +85,7 @@
    * <code>StandardContext</code>, because it relies on internal APIs.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.3 $ $Date: 2001/03/30 20:44:20 $
  + * @version $Revision: 1.4 $ $Date: 2001/05/11 23:20:10 $
    */
   
   public final class StandardContextMapper
  @@ -204,6 +204,7 @@
           // servletPath and pathInfo as decoded strings
           try {
               relativeURI = RequestUtil.URLDecode(relativeURI);
  +            validate(relativeURI);
               if (debug >= 1)
                   context.log("Decoded relativeURI='" + relativeURI + "'");
           } catch (Exception e) {
  @@ -300,6 +301,32 @@
   	    ((HttpRequest) request).setPathInfo(pathInfo);
   	}
   	return (wrapper);
  +
  +    }
  +
  +
  +    // -------------------------------------------------------- Private Methods
  +
  +
  +    /**
  +     * Throw an exception if the specified relative URI (assumed to be already
  +     * decoded) contains any control characters.  See RFC 2396, Section 2.4.3,
  +     * for a discussion of why these characters are not allowed in URIs.
  +     *
  +     * @param relativeURI The decoded relative URI to be validated
  +     *
  +     * @exception IllegalArgumentException if the specified relative URI
  +     *  contains invalid characters
  +     */
  +    private void validate(String relativeURI) {
  +
  +        int n = relativeURI.length();
  +        for (int i = 0; i < n; i++) {
  +            char c = relativeURI.charAt(i);
  +            if ((c < '\u0020') || (c == '\u007f'))
  +                throw new IllegalArgumentException
  +                    (sm.getString("standardContext.urlValidate", relativeURI));
  +        }
   
       }
   
  
  
  

Mime
View raw message