[tomcat] branch 8.5.x updated: Avoid three unlikely NPE

Fri, 08 Sep 2023 04:05:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 39f7fa3158 Avoid three unlikely NPE
39f7fa3158 is described below

commit 39f7fa31580463d4b765493103101e540f9c9e82
Author: remm <r...@apache.org>
AuthorDate: Fri Sep 8 13:02:41 2023 +0200

    Avoid three unlikely NPE
    
    Found by coverity.
---
 java/org/apache/catalina/manager/HTMLManagerServlet.java | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java 
b/java/org/apache/catalina/manager/HTMLManagerServlet.java
index 9c680346b9..50bb1b4c02 100644
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
@@ -242,7 +242,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
                     break;
                 }
                 String filename = warPart.getSubmittedFileName();
-                if (!filename.toLowerCase(Locale.ENGLISH).endsWith(".war")) {
+                if (filename == null || 
!filename.toLowerCase(Locale.ENGLISH).endsWith(".war")) {
                     message = smClient.getString(
                             "htmlManagerServlet.deployUploadNotWar", filename);
                     break;
@@ -1014,8 +1014,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
         }
         int nbAffectedSessions = 0;
         for (String sessionId : sessionIds) {
-            HttpSession session =
-                    getSessionForNameAndId(cn, sessionId, 
smClient).getSession();
+            Session session = getSessionForNameAndId(cn, sessionId, smClient);
             if (null == session) {
                 // Shouldn't happen, but let's play nice...
                 if (debug >= 1) {
@@ -1024,7 +1023,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
                 continue;
             }
             try {
-                session.invalidate();
+                session.getSession().invalidate();
                 ++nbAffectedSessions;
                 if (debug >= 1) {
                     log("Invalidating session id " + sessionId);
@@ -1049,8 +1048,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
      */
     protected boolean removeSessionAttribute(ContextName cn, String sessionId,
             String attributeName, StringManager smClient) {
-        HttpSession session =
-            getSessionForNameAndId(cn, sessionId, smClient).getSession();
+        Session session = getSessionForNameAndId(cn, sessionId, smClient);
         if (null == session) {
             // Shouldn't happen, but let's play nice...
             if (debug >= 1) {
@@ -1058,9 +1056,10 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
             }
             return false;
         }
-        boolean wasPresent = (null != session.getAttribute(attributeName));
+        HttpSession httpSession = session.getSession();
+        boolean wasPresent = (null != httpSession.getAttribute(attributeName));
         try {
-            session.removeAttribute(attributeName);
+            httpSession.removeAttribute(attributeName);
         } catch (IllegalStateException ise) {
             if (debug >= 1) {
                 log("Can't remote attribute '" + attributeName + "' for 
invalidated session id " + sessionId);


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to