This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 46aa4e0d12 Fix NPE
46aa4e0d12 is described below
commit 46aa4e0d12e9ef9921ee1c1b68d17b59a3fb3abc
Author: remm <[email protected]>
AuthorDate: Tue Mar 17 15:02:59 2026 +0100
Fix NPE
Based on patch submitted by Shirsendu Mondal.
---
java/org/apache/catalina/servlets/WebdavServlet.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 8bb41ac143..7c3bebb3a4 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1887,6 +1887,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
String hrefPath = hrefUri.getPath();
+ if (hrefPath == null) {
+ return null;
+ }
// Avoid path traversals
if (!hrefPath.equals(RequestUtil.normalize(hrefPath))) {
@@ -2049,6 +2052,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
String destinationPath = destinationUri.getPath();
+ if (destinationPath == null) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return false;
+ }
// Destination isn't allowed to use '.' or '..' segments
if (!destinationPath.equals(RequestUtil.normalize(destinationPath))) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
