Author: markt Date: Wed Jun 3 22:05:39 2009 New Revision: 781601 URL: http://svn.apache.org/viewvc?rev=781601&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46606 Max max depth limit configurable
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java?rev=781601&r1=781600&r2=781601&view=diff ============================================================================== --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java Wed Jun 3 22:05:39 2009 @@ -94,12 +94,6 @@ /** - * Default depth is infinite. - */ - private static final int INFINITY = 3; // To limit tree browsing a bit - - - /** * PROPFIND - Specify a property mask. */ private static final int FIND_BY_PROPERTY = 0; @@ -210,6 +204,13 @@ private String secret = "catalina"; + /** + * Default depth in spec is infinite. Limit depth to 3 by default as + * infinite depth makes operations very expensive. + */ + private int maxDepth = 3; + + // --------------------------------------------------------- Public Methods @@ -232,6 +233,10 @@ } + if (getServletConfig().getInitParameter("maxDepth") != null) + maxDepth = Integer.parseInt( + getServletConfig().getInitParameter("maxDepth")); + // Load the MD5 helper used to calculate signatures. try { md5Helper = MessageDigest.getInstance("MD5"); @@ -407,21 +412,21 @@ // Properties which are to be displayed. List properties = null; // Propfind depth - int depth = INFINITY; + int depth = maxDepth; // Propfind type int type = FIND_ALL_PROP; String depthStr = req.getHeader("Depth"); if (depthStr == null) { - depth = INFINITY; + depth = maxDepth; } else { if (depthStr.equals("0")) { depth = 0; } else if (depthStr.equals("1")) { depth = 1; } else if (depthStr.equals("infinity")) { - depth = INFINITY; + depth = maxDepth; } } @@ -844,12 +849,12 @@ String depthStr = req.getHeader("Depth"); if (depthStr == null) { - lock.depth = INFINITY; + lock.depth = maxDepth; } else { if (depthStr.equals("0")) { lock.depth = 0; } else { - lock.depth = INFINITY; + lock.depth = maxDepth; } } @@ -1052,7 +1057,7 @@ md5Encoder.encode(md5Helper.digest(lockTokenStr.getBytes())); if ( (exists) && (object instanceof DirContext) && - (lock.depth == INFINITY) ) { + (lock.depth == maxDepth) ) { // Locking a collection (and all its member resources) @@ -2726,7 +2731,7 @@ generatedXML.writeElement(null, "lockscope", XMLWriter.CLOSING); generatedXML.writeElement(null, "depth", XMLWriter.OPENING); - if (depth == INFINITY) { + if (depth == maxDepth) { generatedXML.writeText("Infinity"); } else { generatedXML.writeText("0"); Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=781601&r1=781600&r2=781601&view=diff ============================================================================== --- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Jun 3 22:05:39 2009 @@ -103,6 +103,10 @@ (markt) </fix> <fix> + <bug>46606</bug>: Make max depth limit for WebDAV servlet configurable. + (markt) + </fix> + <fix> Improve handling of situation where web application tries to configure logging at the context level but the security policy prevents this. (markt/rjung) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org