marcsaeg 01/05/11 15:34:30
Modified: src/share/org/apache/tomcat/util Tag: tomcat_32
RequestUtil.java
Log:
Fixes one last JSP source disclosure bug. On some platforms a URL ending
in .jsp%00 would cause the JSP's source text to be served back to the
client.
URLDecode() now works similarly to Apache httpd and treats %00 and %2f
as forbidden characters in a URL.
Revision Changes Path
No revision
No revision
1.14.2.4 +6 -13
jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java
Index: RequestUtil.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/RequestUtil.java,v
retrieving revision 1.14.2.3
retrieving revision 1.14.2.4
diff -u -r1.14.2.3 -r1.14.2.4
--- RequestUtil.java 2001/03/17 20:52:50 1.14.2.3
+++ RequestUtil.java 2001/05/11 22:34:28 1.14.2.4
@@ -274,7 +274,7 @@
* @author: cut & paste from JServ, much faster that previous tomcat impl
*/
public final static String URLDecode(String str)
- throws NumberFormatException, StringIndexOutOfBoundsException
+ throws NumberFormatException,
StringIndexOutOfBoundsException,IllegalArgumentException
{
if (str == null) return null;
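Review bot: The Javadoc above URLDecode (its closing `*/` is the second line of this hunk) is not updated for the new failure mode: IllegalArgumentException now also signals an escape that was refused on purpose, not only a malformed one, and code that maps this exception to an HTTP status needs that distinction documented. Add `@throws IllegalArgumentException if the string contains an encoded '/' or NUL, which are refused rather than decoded` to the comment block. The method body continues past this hunk.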
@@ -312,18 +312,11 @@
strPos++;
continue;
} else if (metaChar == '%') {
- // We throw the original exception - the super will deal with it
- // try {
- dec.append((char) Integer.parseInt(
- str.substring(strPos + 1, strPos +
3), 16));
- // } catch (NumberFormatException e) {
- // throw new IllegalArgumentException("invalid
hexadecimal "
- // + str.substring(strPos + 1, strPos + 3)
- // + " in URLencoded string (illegal unescaped
'%'?)" );
- // } catch (StringIndexOutOfBoundsException e) {
- // throw new IllegalArgumentException("illegal
unescaped '%' "
- // + " in URLencoded string" );
- // }
+ char c = (char) Integer.parseInt(str.substring(strPos + 1, strPos +
3), 16);
+ if(c == '/' || c == '\0')
+ throw new IllegalArgumentException("URL contains encoded
special chars.");
+
+ dec.append(c);
strPos += 3;
}
}
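Review bot: The guard on the decoded value does not reject malformed escapes, because `Integer.parseInt(…, 16)` accepts a leading `-`: a `%` followed by a minus sign and one hex digit parses to a negative number, is narrowed by the `(char)` cast (for -1, to U+FFFF) and appended instead of raising NumberFormatException. The '/' and NUL check itself is not bypassed by this, but the decoder should accept exactly two hex digits, which also removes the narrowing cast; reading the digits with Character.digit does that while keeping the existing rejection of encoded '/' and NUL. The single-statement `if` should also be braced like the surrounding blocks. URLDecode starts in the previous hunk and its body continues past this one.
```java
} else if (metaChar == '%') {
    // Accept exactly two hex digits; Integer.parseInt would also take a sign.
    int hi = Character.digit(str.charAt(strPos + 1), 16);
    int lo = Character.digit(str.charAt(strPos + 2), 16);
    if (hi < 0 || lo < 0) {
        throw new IllegalArgumentException("URL contains malformed escape.");
    }
    char c = (char) ((hi << 4) | lo);
    if (c == '/' || c == '\0') {
        throw new IllegalArgumentException("URL contains encoded special chars.");
    }
    // … unchanged: dec.append(c); strPos += 3; …
}
```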