This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 843ef3b More refactoring of the BZ 65397 fix. 843ef3b is described below commit 843ef3b28a07d0b102af8aeb7772fb895a8d927c Author: Mark Thomas <ma...@apache.org> AuthorDate: Fri Jun 25 21:38:56 2021 +0100 More refactoring of the BZ 65397 fix. Revert some of the changes made for MacOs and implement a solution that hopefully works on Windows, Linux and MacOS. --- .../catalina/webresources/AbstractFileResourceSet.java | 14 ++------------ java/org/apache/catalina/webresources/DirResourceSet.java | 12 +++++++----- 2 files changed, 9 insertions(+), 17 deletions(-) diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java index 2635bbf..3930a90 100644 --- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java +++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java @@ -114,8 +114,8 @@ public abstract class AbstractFileResourceSet extends AbstractResourceSet { // Remove the fileBase location from the start of the paths since that // was not part of the requested path and the remaining check only // applies to the request path - absPath = removeAbsoluteBase(absPath); - canPath = removeCanonicalBase(canPath); + absPath = absPath.substring(absoluteBase.length()); + canPath = canPath.substring(canonicalBase.length()); // Case sensitivity check // The normalized requested path should be an exact match the equivalent @@ -145,16 +145,6 @@ public abstract class AbstractFileResourceSet extends AbstractResourceSet { } - protected String removeAbsoluteBase(String absolutePath) { - return absolutePath.substring(absoluteBase.length()); - } - - - protected String removeCanonicalBase(String canonicalPath) { - return canonicalPath.substring(canonicalBase.length()); - } - - protected void logIgnoredSymlink(String contextPath, String absPath, String canPath) { String msg = sm.getString("abstractFileResourceSet.canonicalfileCheckFailed", contextPath, absPath, canPath); diff --git a/java/org/apache/catalina/webresources/DirResourceSet.java b/java/org/apache/catalina/webresources/DirResourceSet.java index 4f44567..6bb0b25 100644 --- a/java/org/apache/catalina/webresources/DirResourceSet.java +++ b/java/org/apache/catalina/webresources/DirResourceSet.java @@ -166,11 +166,13 @@ public class DirResourceSet extends AbstractFileResourceSet { String absPath = null; String canPath = null; try { - // Base location may be inside a symlink. Only - // need to check here if the requested path uses - // symlinks so remove the base paths. - absPath = removeAbsoluteBase(entry.getAbsolutePath()); - canPath = removeCanonicalBase(entry.getCanonicalPath()); + // We know that 'f' must be valid since it will + // have been checked in the call to file() + // above. Therefore strip off the path of the + // path that was contributed by 'f' and check + // that what is left does not contain a symlink. + absPath = entry.getAbsolutePath().substring(f.getAbsolutePath().length()); + canPath = entry.getCanonicalPath().substring(f.getCanonicalPath().length()); if (absPath.equals(canPath)) { symlink = false; } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org