From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 61634] URLs with double consecutive slashes stopped working in 8.0.45 in some scenarios
Date: Thu, 19 Oct 2017 10:08:27 +0000

https://bz.apache.org/bugzilla/show_bug.cgi?id=61634

Mark Thomas changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Mark Thomas ---
Thanks for the test case. It is much easier to figure out what is going on with a working example in front of you.

The short version is that I do not believe there is a Tomcat bug here.

The difference between 8.0.44 and 8.0.45 that causes this is indeed the fix for bug 61185.
It wasn't obvious that fix and this issue were related until the use of the Tuckey rewrite filter was mentioned.

The rewrite filter uses RequestDispatchers to forward requests to the rewritten URL. The filter correctly uses HttpServletRequest.getRequestURI() to obtain the URL provided by the user to perform the rewrite.

The fix corrected an edge case behaviour in Tomcat's RequestDispatcher implementation that was not compliant with the Servlet specification. From section 9.4 of the Servlet specification:

    The path elements of the request object exposed to the target servlet must reflect the path used to obtain the RequestDispatcher.

In this case the rewrite in the ROOT context obtains a RequestDispatcher for /context2 using the path "/index//index.html". Tomcat normalises (and decodes) this path to enable the request to be mapped to the correct Servlet. Prior to 8.0.45 Tomcat incorrectly then used the normalized path to construct the RequestDispatcher. This meant that the target servlet saw a path of "/index/index.html" for HttpServletRequest.getRequestURI() which was NOT the path used to obtain the RequestDispatcher and was therefore NOT compliant with section 9.4 of the Servlet Specification.

As of 8.0.45 Tomcat correctly uses the originally provided path "/index//index.html" to construct the RequestDispatcher.

The rewrite filter decodes URLs before processing but does not appear to normalize them. That is surprising. In matching incoming URIs to rewrite rules, the filter is doing something very similar to what Tomcat (or any Servlet container) does to map a request to a Servlet. The process Tomcat uses for this is (in short form) normalize, decode, check normalization, map. I'd expect the filter to do something similar.

I tried Googling for information on configuring the rewrite filter to normalize but all I could find was this:
https://jira.atlassian.com/browse/CONFSERVER-26888

I also searched the rewrite filter source at GitHub but could find no references to normalization.

At this point I recommend opening an issue with the rewrite filter. My own view is that it should always "normalize, decode, check normalize, rewrite" rather than just "decode, rewrite".

Finally, it is worth mentioning that http://localhost:8080/index/foo/../index.html fails as well. Note if you make that request with a browser it is likely to normalize it for you before sending it and then it will work.
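
The "normalize, decode, check normalization" ordering recommended in the comment above, sketched as an added Java example; it is not code from Tomcat or from the rewrite filter, and the class name, method names, rule and third sample path are constructed for illustration. Rejecting a path that is no longer normalized after decoding is this example's own choice.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration: hypothetical names, not Tomcat or rewrite filter code.
public class RewritePathPrep {

    // Collapse "//" and "/./", resolve "/../"; null if the path is relative or climbs above "/".
    static String normalize(String path) {
        if (path == null || !path.startsWith("/")) return null;
        Deque<String> segs = new ArrayDeque<>();
        for (String s : path.split("/", -1)) {
            if (s.isEmpty() || s.equals(".")) continue;
            if (s.equals("..")) {
                if (segs.pollLast() == null) return null;
            } else {
                segs.addLast(s);
            }
        }
        boolean trailing = path.endsWith("/") && !segs.isEmpty();
        return "/" + String.join("/", segs) + (trailing ? "/" : "");
    }

    // Strict percent-decoding of an ASCII request path; null on malformed input.
    static String percentDecode(String s) {
        if (!s.chars().allMatch(ch -> ch < 0x80)) return null;
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c != '%') { buf.write(c); continue; }
            if (i + 2 >= s.length()) return null;
            int hi = Character.digit(s.charAt(i + 1), 16);
            int lo = Character.digit(s.charAt(i + 2), 16);
            if (hi < 0 || lo < 0) return null;
            buf.write(hi * 16 + lo);
            i += 2;
        }
        return new String(buf.toByteArray(), StandardCharsets.UTF_8);
    }

    // Order from the comment: normalize, decode, check normalization; the result feeds rule matching.
    static String prepare(String requestUri) {
        String normalized = normalize(requestUri);
        String decoded = normalized == null ? null : percentDecode(normalized);
        // Decoding can expose new "..", "." or "//" (e.g. from %2e%2e); this example rejects those.
        return decoded != null && decoded.equals(normalize(decoded)) ? decoded : null;
    }

    public static void main(String[] args) {
        String rule = "/index/index.html"; // constructed rewrite rule source path
        String[] samples = {               // first two paths are from the bug; the third is constructed
            "/index//index.html", "/index/foo/../index.html", "/index/%2e%2e/%2e%2e/x" };
        for (String uri : samples) {
            String p = prepare(uri);
            System.out.println(uri + " -> " + p + (rule.equals(p) ? " (rule matches)" : " (no match)"));
        }
    }
}
```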