This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 197edd2 Further fix for BZ 65397. Account for symlink above
CATALINA_BASE
197edd2 is described below
commit 197edd2f4bb50bb46ce4c35e6d49765916662ccc
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Jun 25 16:10:11 2021 +0100
Further fix for BZ 65397. Account for symlink above CATALINA_BASE
Detected on MacOS where the default tmp location for unit tests is
located under a symlink.
---
.../catalina/webresources/AbstractFileResourceSet.java | 14 ++++++++++++--
java/org/apache/catalina/webresources/DirResourceSet.java | 7 +++++--
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index 3930a90..2635bbf 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -114,8 +114,8 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
// Remove the fileBase location from the start of the paths since that
// was not part of the requested path and the remaining check only
// applies to the request path
- absPath = absPath.substring(absoluteBase.length());
- canPath = canPath.substring(canonicalBase.length());
+ absPath = removeAbsoluteBase(absPath);
+ canPath = removeCanonicalBase(canPath);
// Case sensitivity check
// The normalized requested path should be an exact match the
equivalent
@@ -145,6 +145,16 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
}
+ protected String removeAbsoluteBase(String absolutePath) {
+ return absolutePath.substring(absoluteBase.length());
+ }
+
+
+ protected String removeCanonicalBase(String canonicalPath) {
+ return canonicalPath.substring(canonicalBase.length());
+ }
+
+
protected void logIgnoredSymlink(String contextPath, String absPath,
String canPath) {
String msg =
sm.getString("abstractFileResourceSet.canonicalfileCheckFailed",
contextPath, absPath, canPath);
diff --git a/java/org/apache/catalina/webresources/DirResourceSet.java
b/java/org/apache/catalina/webresources/DirResourceSet.java
index 354ca90..4f44567 100644
--- a/java/org/apache/catalina/webresources/DirResourceSet.java
+++ b/java/org/apache/catalina/webresources/DirResourceSet.java
@@ -166,8 +166,11 @@ public class DirResourceSet extends
AbstractFileResourceSet {
String absPath = null;
String canPath = null;
try {
- absPath = entry.getAbsolutePath();
- canPath = entry.getCanonicalPath();
+ // Base location may be inside a symlink. Only
+ // need to check here if the requested path
uses
+ // symlinks so remove the base paths.
+ absPath =
removeAbsoluteBase(entry.getAbsolutePath());
+ canPath =
removeCanonicalBase(entry.getCanonicalPath());
if (absPath.equals(canPath)) {
symlink = false;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
