[tomcat] branch main updated: Avoid three unlikely NPE

Fri, 08 Sep 2023 04:03:20 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 5427edbcf9 Avoid three unlikely NPE
5427edbcf9 is described below

commit 5427edbcf94cc3bb3611b4a97c22e8a18d083714
Author: remm <r...@apache.org>
AuthorDate: Fri Sep 8 13:02:41 2023 +0200

    Avoid three unlikely NPE
    
    Found by coverity.
---
 java/org/apache/catalina/manager/HTMLManagerServlet.java | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java 
b/java/org/apache/catalina/manager/HTMLManagerServlet.java
index f990f462af..2b81662038 100644
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
@@ -246,7 +246,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
                     break;
                 }
                 String filename = warPart.getSubmittedFileName();
-                if (!filename.toLowerCase(Locale.ENGLISH).endsWith(".war")) {
+                if (filename == null || 
!filename.toLowerCase(Locale.ENGLISH).endsWith(".war")) {
                     message = smClient.getString(
                             "htmlManagerServlet.deployUploadNotWar", filename);
                     break;
@@ -1019,8 +1019,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
         }
         int nbAffectedSessions = 0;
         for (String sessionId : sessionIds) {
-            HttpSession session =
-                    getSessionForNameAndId(cn, sessionId, 
smClient).getSession();
+            Session session = getSessionForNameAndId(cn, sessionId, smClient);
             if (null == session) {
                 // Shouldn't happen, but let's play nice...
                 if (debug >= 1) {
@@ -1029,7 +1028,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
                 continue;
             }
             try {
-                session.invalidate();
+                session.getSession().invalidate();
                 ++nbAffectedSessions;
                 if (debug >= 1) {
                     log("Invalidating session id " + sessionId);
@@ -1054,8 +1053,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
      */
     protected boolean removeSessionAttribute(ContextName cn, String sessionId,
             String attributeName, StringManager smClient) {
-        HttpSession session =
-            getSessionForNameAndId(cn, sessionId, smClient).getSession();
+        Session session = getSessionForNameAndId(cn, sessionId, smClient);
         if (null == session) {
             // Shouldn't happen, but let's play nice...
             if (debug >= 1) {
@@ -1063,9 +1061,10 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
             }
             return false;
         }
-        boolean wasPresent = (null != session.getAttribute(attributeName));
+        HttpSession httpSession = session.getSession();
+        boolean wasPresent = (null != httpSession.getAttribute(attributeName));
         try {
-            session.removeAttribute(attributeName);
+            httpSession.removeAttribute(attributeName);
         } catch (IllegalStateException ise) {
             if (debug >= 1) {
                 log("Cannot remote attribute '" + attributeName + "' for 
invalidated session id " + sessionId);


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to