This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
     new 197edd2  Further fix for BZ 65397. Account for symlink above 
CATALINA_BASE
197edd2 is described below

commit 197edd2f4bb50bb46ce4c35e6d49765916662ccc
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Jun 25 16:10:11 2021 +0100

    Further fix for BZ 65397. Account for symlink above CATALINA_BASE
    
    Detected on MacOS where the default tmp location for unit tests is
    located under a symlink.
---
 .../catalina/webresources/AbstractFileResourceSet.java     | 14 ++++++++++++--
 java/org/apache/catalina/webresources/DirResourceSet.java  |  7 +++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index 3930a90..2635bbf 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -114,8 +114,8 @@ public abstract class AbstractFileResourceSet extends 
AbstractResourceSet {
         // Remove the fileBase location from the start of the paths since that
         // was not part of the requested path and the remaining check only
         // applies to the request path
-        absPath = absPath.substring(absoluteBase.length());
-        canPath = canPath.substring(canonicalBase.length());
+        absPath = removeAbsoluteBase(absPath);
+        canPath = removeCanonicalBase(canPath);
 
         // Case sensitivity check
         // The normalized requested path should be an exact match the 
equivalent
@@ -145,6 +145,16 @@ public abstract class AbstractFileResourceSet extends 
AbstractResourceSet {
     }
 
 
+    protected String removeAbsoluteBase(String absolutePath) {
+        return absolutePath.substring(absoluteBase.length());
+    }
+
+
+    protected String removeCanonicalBase(String canonicalPath) {
+        return canonicalPath.substring(canonicalBase.length());
+    }
+
+
     protected void logIgnoredSymlink(String contextPath, String absPath, 
String canPath) {
         String msg = 
sm.getString("abstractFileResourceSet.canonicalfileCheckFailed",
                 contextPath, absPath, canPath);
diff --git a/java/org/apache/catalina/webresources/DirResourceSet.java 
b/java/org/apache/catalina/webresources/DirResourceSet.java
index 354ca90..4f44567 100644
--- a/java/org/apache/catalina/webresources/DirResourceSet.java
+++ b/java/org/apache/catalina/webresources/DirResourceSet.java
@@ -166,8 +166,11 @@ public class DirResourceSet extends 
AbstractFileResourceSet {
                             String absPath = null;
                             String canPath = null;
                             try {
-                                absPath = entry.getAbsolutePath();
-                                canPath = entry.getCanonicalPath();
+                                // Base location may be inside a symlink. Only
+                                // need to check here if the requested path 
uses
+                                // symlinks so remove the base paths.
+                                absPath = 
removeAbsoluteBase(entry.getAbsolutePath());
+                                canPath = 
removeCanonicalBase(entry.getCanonicalPath());
                                 if (absPath.equals(canPath)) {
                                     symlink = false;
                                 }

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to