This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new e3f9cccbb6 Consistent handling for null attribute names
e3f9cccbb6 is described below

commit e3f9cccbb694b0766639308c19290ca2d484544e
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 22 16:52:19 2026 +0100

    Consistent handling for null attribute names
---
 .../apache/catalina/connector/LocalStrings.properties    |  1 +
 java/org/apache/catalina/connector/Request.java          | 16 +++++++++-------
 .../org/apache/catalina/core/ApplicationHttpRequest.java | 10 +++++++---
 java/org/apache/catalina/core/ApplicationRequest.java    | 12 +++++++++++-
 java/org/apache/catalina/core/LocalStrings.properties    |  1 +
 5 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/catalina/connector/LocalStrings.properties 
b/java/org/apache/catalina/connector/LocalStrings.properties
index 800f8c14cc..dce75aa6af 100644
--- a/java/org/apache/catalina/connector/LocalStrings.properties
+++ b/java/org/apache/catalina/connector/LocalStrings.properties
@@ -95,6 +95,7 @@ request.asyncNotSupported=A filter or servlet of the current 
chain does not supp
 request.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been 
removed
 request.illegalWrap=The request wrapper must wrap the request obtained from 
getRequest()
 request.notAsync=It is illegal to call this method if the current request is 
not in asynchronous mode (i.e. isAsyncStarted() returns false)
+request.nullAttributeName=Attribute name may not be null
 request.partCleanup.failed=Unable to delete temporary file for uploaded part 
after multi-part processing failed
 request.session.failed=Failed to load session [{0}] due to [{1}]
 
diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 1609fd2e88..becf17d8b9 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -960,6 +960,10 @@ public class Request implements HttpServletRequest {
 
     @Override
     public Object getAttribute(String name) {
+        if (name == null) {
+            throw new 
IllegalArgumentException(sm.getString("request.nullAttributeName"));
+        }
+
         // Special attributes
         SpecialAttributeAdapter adapter = specialAttributes.get(name);
         if (adapter != null) {
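Review bot: No test accompanies the new `name == null` check in getAttribute; the diffstat lists five files and none of them is a test, although the commit changes how a null attribute name is treated on three request classes. A small unit test asserting that `getAttribute(null)` and `setAttribute(null, value)` throw IllegalArgumentException on Request, ApplicationHttpRequest and ApplicationRequest would pin the consistent behaviour the title promises. getAttribute's body continues past the end of this hunk.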
@@ -1486,7 +1490,7 @@ public class Request implements HttpServletRequest {
     @Override
     public void removeAttribute(String name) {
         if (name == null) {
-            throw new 
IllegalArgumentException(sm.getString("coyoteRequest.setAttribute.namenull"));
+            throw new 
IllegalArgumentException(sm.getString("request.nullAttributeName"));
         }
         // Remove the specified attribute
         // Pass special attributes to the native layer
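Review bot: The key `coyoteRequest.setAttribute.namenull` appears to lose its references in Request.java here and in the setAttribute hunk, yet the diffstat shows connector/LocalStrings.properties gaining one line and dropping none. If nothing else reads the key, it and any translated copies should be removed in the same commit. If another caller does still read it, that caller keeps a separately named key and is worth migrating to `request.nullAttributeName` too. removeAttribute's body continues outside the hunk.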
@@ -1507,18 +1511,16 @@ public class Request implements HttpServletRequest {
 
     @Override
     public void setAttribute(String name, Object value) {
-
-        // Name cannot be null
-        if (name == null) {
-            throw new 
IllegalArgumentException(sm.getString("coyoteRequest.setAttribute.namenull"));
-        }
-
         // Null value is the same as removeAttribute()
         if (value == null) {
             removeAttribute(name);
             return;
         }
 
+        if (name == null) {
+            throw new 
IllegalArgumentException(sm.getString("request.nullAttributeName"));
+        }
+
         // Special attributes
         SpecialAttributeAdapter adapter = specialAttributes.get(name);
         if (adapter != null) {
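Review bot: On the `value == null` path the null-name rejection now depends entirely on removeAttribute() throwing, because the explicit check was moved below that branch. That holds with the guard visible in the removeAttribute hunk, but nothing in setAttribute says so, and a later change to removeAttribute would silently weaken it. Either keep the name check as the first statement, or add a comment above the branch such as `// removeAttribute() rejects a null name`. setAttribute's body continues outside the hunk.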
diff --git a/java/org/apache/catalina/core/ApplicationHttpRequest.java 
b/java/org/apache/catalina/core/ApplicationHttpRequest.java
index d988a14a22..6c4d4385a6 100644
--- a/java/org/apache/catalina/core/ApplicationHttpRequest.java
+++ b/java/org/apache/catalina/core/ApplicationHttpRequest.java
@@ -225,7 +225,9 @@ class ApplicationHttpRequest extends 
HttpServletRequestWrapper {
     @Override
     public Object getAttribute(String name) {
 
-        if (name.equals(Globals.DISPATCHER_TYPE_ATTR)) {
+        if (name == null) {
+            throw new 
IllegalArgumentException(sm.getString("applicationHttpRequest.nullAttributeName"));
+        } else if (name.equals(Globals.DISPATCHER_TYPE_ATTR)) {
             return dispatcherType;
         } else if (name.equals(Globals.DISPATCHER_REQUEST_PATH_ATTR)) {
             if (requestDispatcherPath != null) {
@@ -293,7 +295,9 @@ class ApplicationHttpRequest extends 
HttpServletRequestWrapper {
     @Override
     public void setAttribute(String name, Object value) {
 
-        if (name.equals(Globals.DISPATCHER_TYPE_ATTR)) {
+        if (name == null) {
+            throw new 
IllegalArgumentException(sm.getString("applicationHttpRequest.nullAttributeName"));
+        } else if (name.equals(Globals.DISPATCHER_TYPE_ATTR)) {
             dispatcherType = (DispatcherType) value;
             return;
         } else if (name.equals(Globals.DISPATCHER_REQUEST_PATH_ATTR)) {
@@ -797,7 +801,7 @@ class ApplicationHttpRequest extends 
HttpServletRequestWrapper {
      */
     protected boolean setSpecial(String name, Object value) {
         // Performance - see BZ 68089
-        if (name.length() < shortestSpecialNameLength) {
+        if (name ==  null || name.length() < shortestSpecialNameLength) {
             return false;
         }
         Integer index = specialsMap.get(name);
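Review bot: `name ==  null` has a doubled space; `if (name == null || name.length() < shortestSpecialNameLength) {` would match the form used in ApplicationRequest.isSpecial. Note also that setSpecial returns false for a null name instead of throwing. Any caller that reaches it without passing the new setAttribute check would therefore hand the null name onward silently; removeAttribute is not in this diff, so whether it is such a caller is unconfirmed. A one-line comment saying which caller this guard protects would make the intent clear. The method continues outside the hunk.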
diff --git a/java/org/apache/catalina/core/ApplicationRequest.java 
b/java/org/apache/catalina/core/ApplicationRequest.java
index ca4d7c09f2..8a3b88b3dc 100644
--- a/java/org/apache/catalina/core/ApplicationRequest.java
+++ b/java/org/apache/catalina/core/ApplicationRequest.java
@@ -27,6 +27,8 @@ import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestWrapper;
 
+import org.apache.tomcat.util.res.StringManager;
+
 /**
  * Wrapper around a <code>javax.servlet.ServletRequest</code> that transforms 
an application request object (which might
  * be the original one passed to a servlet, or might be based on the 2.3
@@ -39,6 +41,8 @@ import javax.servlet.ServletRequestWrapper;
  */
 class ApplicationRequest extends ServletRequestWrapper {
 
+    private static final StringManager sm = 
StringManager.getManager(ApplicationRequest.class);
+
     /**
      * The set of attribute names that are special for request dispatchers.
      *
@@ -85,6 +89,9 @@ class ApplicationRequest extends ServletRequestWrapper {
      */
     @Override
     public Object getAttribute(String name) {
+        if (name == null) {
+            throw new 
IllegalArgumentException(sm.getString("applicationHttpRequest.nullAttributeName"));
+        }
         synchronized (attributes) {
             return attributes.get(name);
         }
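Review bot: ApplicationRequest looks up `applicationHttpRequest.nullAttributeName`, a key named after a different class, both here and in the setAttribute hunk. The lookup presumably resolves because both classes share the core package bundle, but the prefix is misleading to anyone searching for a message's users. A class-neutral key, or a short comment on the `sm` field noting the deliberate reuse, would avoid that. removeAttribute is not touched by this diff, so whether it rejects a null name the same way cannot be confirmed from here.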
@@ -126,6 +133,9 @@ class ApplicationRequest extends ServletRequestWrapper {
      */
     @Override
     public void setAttribute(String name, Object value) {
+        if (name == null) {
+            throw new 
IllegalArgumentException(sm.getString("applicationHttpRequest.nullAttributeName"));
+        }
         synchronized (attributes) {
             attributes.put(name, value);
             if (!isSpecial(name)) {
@@ -145,7 +155,7 @@ class ApplicationRequest extends ServletRequestWrapper {
     @Deprecated
     protected boolean isSpecial(String name) {
         // Performance - see BZ 68089
-        if (name.length() < shortestSpecialNameLength) {
+        if (name == null || name.length() < shortestSpecialNameLength) {
             return false;
         }
         return specialsSet.contains(name);
diff --git a/java/org/apache/catalina/core/LocalStrings.properties 
b/java/org/apache/catalina/core/LocalStrings.properties
index 6b885bc04b..0f6537293e 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -64,6 +64,7 @@ applicationFilterRegistration.nullInitParam=Unable to set 
initialisation paramet
 applicationFilterRegistration.nullInitParams=Unable to set initialisation 
parameters for filter due to null name and/or value. Name [{0}], Value [{1}]
 
 applicationHttpRequest.fragmentInDispatchPath=The fragment in dispatch path 
[{0}] has been removed
+applicationHttpRequest.nullAttributeName=Attribute name may not be null
 applicationHttpRequest.sessionEndAccessFail=Exception triggered ending access 
to session while recycling request
 
 applicationPushBuilder.methodInvalid=The HTTP method for a push request must 
be both cacheable and safe but [{0}] is not

