On 25/06/2021 21:39, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4df19b7 More refactoring of the BZ 65397 fix.
4df19b7 is described below
commit 4df19b792eae949e74ac18b170fdce718aab5953
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Jun 25 21:38:56 2021 +0100
More refactoring of the BZ 65397 fix.
Revert some of the changes made for macOS and implement a solution that
hopefully works on Windows, Linux and macOS.
Woot. Tests pass. Back-porting now. Tags to follow shortly.
Mark
---
.../catalina/webresources/AbstractFileResourceSet.java | 14 ++------------
java/org/apache/catalina/webresources/DirResourceSet.java | 12 +++++++-----
2 files changed, 9 insertions(+), 17 deletions(-)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index 2635bbf..3930a90 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -114,8 +114,8 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
// Remove the fileBase location from the start of the paths since that
// was not part of the requested path and the remaining check only
// applies to the request path
- absPath = removeAbsoluteBase(absPath);
- canPath = removeCanonicalBase(canPath);
+ absPath = absPath.substring(absoluteBase.length());
+ canPath = canPath.substring(canonicalBase.length());
// Case sensitivity check
// The normalized requested path should be an exact match the
equivalent
@@ -145,16 +145,6 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
}
- protected String removeAbsoluteBase(String absolutePath) {
- return absolutePath.substring(absoluteBase.length());
- }
-
-
- protected String removeCanonicalBase(String canonicalPath) {
- return canonicalPath.substring(canonicalBase.length());
- }
-
-
protected void logIgnoredSymlink(String contextPath, String absPath,
String canPath) {
String msg =
sm.getString("abstractFileResourceSet.canonicalfileCheckFailed",
contextPath, absPath, canPath);
diff --git a/java/org/apache/catalina/webresources/DirResourceSet.java
b/java/org/apache/catalina/webresources/DirResourceSet.java
index 4f44567..6bb0b25 100644
--- a/java/org/apache/catalina/webresources/DirResourceSet.java
+++ b/java/org/apache/catalina/webresources/DirResourceSet.java
@@ -166,11 +166,13 @@ public class DirResourceSet extends
AbstractFileResourceSet {
String absPath = null;
String canPath = null;
try {
- // Base location may be inside a symlink. Only
- // need to check here if the requested path
uses
- // symlinks so remove the base paths.
- absPath =
removeAbsoluteBase(entry.getAbsolutePath());
- canPath =
removeCanonicalBase(entry.getCanonicalPath());
+ // We know that 'f' must be valid since it will
+ // have been checked in the call to file()
+ // above. Therefore strip off the path of the
+ // path that was contributed by 'f' and check
+ // that what is left does not contain a
symlink.
+ absPath =
entry.getAbsolutePath().substring(f.getAbsolutePath().length());
+ canPath =
entry.getCanonicalPath().substring(f.getCanonicalPath().length());
if (absPath.equals(canPath)) {
symlink = false;
}
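Review bot: The added `substring(...)` calls strip by length only, and the canonical one can fail: if `entry` resolves to a canonical path shorter than `f.getCanonicalPath()`, for example a link pointing higher up the tree, `substring` throws `StringIndexOutOfBoundsException`. The `catch` clause is outside the hunk, so confirm whether it handles anything beyond `IOException`. Stripping by length also never confirms that the canonical path of `entry` begins with the canonical path of `f`, so `absPath.equals(canPath)` is only a sound no-symlink test when that prefix relation holds. I would fetch both canonical paths once, strip only when `startsWith` holds, and otherwise leave `canPath` as `null` so the entry keeps being treated as a link, assuming `symlink` is initialised to `true` above the hunk. The enclosing loop and `try` block start and end outside the hunk.

```java
// … unchanged: comment explaining that 'f' was validated by file() …
absPath = entry.getAbsolutePath().substring(f.getAbsolutePath().length());
String entryCanPath = entry.getCanonicalPath();
String fCanPath = f.getCanonicalPath();
if (entryCanPath.startsWith(fCanPath)) {
    // Tails are only comparable when the canonical path really lies under f.
    canPath = entryCanPath.substring(fCanPath.length());
}
// … unchanged: absPath.equals(canPath) comparison that clears 'symlink' …
```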