Author: markt
Date: Fri Aug 11 07:06:46 2017
New Revision: 1804754
URL: http://svn.apache.org/viewvc?rev=1804754&view=rev
Log:
Now CVE-2017-7675 is public, make the comment more specific
Modified:
tomcat/trunk/java/org/apache/coyote/http2/Stream.java
Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1804754&r1=1804753&r2=1804754&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Fri Aug 11 07:06:46
2017
@@ -313,8 +313,10 @@ class Stream extends AbstractStream impl
String query = value.substring(queryStart + 1);
coyoteRequest.queryString().setString(query);
}
- // Bug 61120. Set the URI as bytes rather than String so any path
- // parameters are correctly processed
+ // Bug 61120. Set the URI as bytes rather than String so:
+ // - any path parameters are correctly processed
+ // - the normalization security checks are performed that prevent
+ // directory traversal attacks
byte[] uriBytes = uri.getBytes(StandardCharsets.ISO_8859_1);
coyoteRequest.requestURI().setBytes(uriBytes, 0, uriBytes.length);
break;
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]