This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 2c691e7c61 Fix NPE
2c691e7c61 is described below
commit 2c691e7c61e782a5bfdac4f68acf7c9a8091e046
Author: remm <[email protected]>
AuthorDate: Tue Mar 17 15:02:59 2026 +0100
Fix NPE
Based on patch submitted by Shirsendu Mondal.
---
java/org/apache/catalina/servlets/WebdavServlet.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 17973253f4..37d125408e 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1882,6 +1882,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
String hrefPath = hrefUri.getPath();
+ if (hrefPath == null) {
+ return null;
+ }
// Avoid path traversals
if (!hrefPath.equals(RequestUtil.normalize(hrefPath))) {
@@ -2044,6 +2047,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
String destinationPath = destinationUri.getPath();
+ if (destinationPath == null) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return false;
+ }
// Destination isn't allowed to use '.' or '..' segments
if (!destinationPath.equals(RequestUtil.normalize(destinationPath))) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
