remm 01/07/16 18:04:29
Modified: catalina/src/share/org/apache/catalina/connector/http
HttpProcessor.java
Log:
- %25, %2F, %2E and %5C are now forbidden in the request URI. I hope this
is not a problem with multi-byte characters.
- Medium risk fix : always finish the response. That could lead to connection
management problems. That has to be changed since otherwise no HTTP error
report would be generated when something bad happened when parsing
the request.
Revision Changes Path
1.30 +31 -16
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java
Index: HttpProcessor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- HttpProcessor.java 2001/07/16 21:55:17 1.29
+++ HttpProcessor.java 2001/07/17 01:04:29 1.30
@@ -1,6 +1,6 @@
-/* * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
1.29 2001/07/16 21:55:17 remm Exp $
- * $Revision: 1.29 $
- * $Date: 2001/07/16 21:55:17 $
+/* * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
1.30 2001/07/17 01:04:29 remm Exp $
+ * $Revision: 1.30 $
+ * $Date: 2001/07/17 01:04:29 $
*
* ====================================================================
*
@@ -106,7 +106,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.29 $ $Date: 2001/07/16 21:55:17 $
+ * @version $Revision: 1.30 $ $Date: 2001/07/17 01:04:29 $
*/
final class HttpProcessor
@@ -778,18 +778,22 @@
if (debug >= 1)
log("Normalized: '" + uri + "' to '" + normalizedUri + "'");
- if (normalizedUri == null) {
- log(" Invalid request URI: '" + uri + "'");
- throw new IOException("Invalid URI: " + uri + "'");
- }
-
// Set the corresponding request properties
((HttpRequest) request).setMethod(method);
request.setProtocol(protocol);
- ((HttpRequest) request).setRequestURI(normalizedUri);
+ if (normalizedUri != null) {
+ ((HttpRequest) request).setRequestURI(normalizedUri);
+ } else {
+ ((HttpRequest) request).setRequestURI(uri);
+ }
request.setSecure(connector.getSecure());
request.setScheme(connector.getScheme());
+ if (normalizedUri == null) {
+ log(" Invalid request URI: '" + uri + "'");
+ throw new ServletException("Invalid URI: " + uri + "'");
+ }
+
if (debug >= 1)
log(" Request is '" + method + "' for '" + uri +
"' with protocol '" + protocol + "'");
@@ -814,8 +818,13 @@
// Create a place for the normalized path
String normalized = path;
- if (normalized == null)
- return (null);
+ // Prevent encoding '%', '/', '.' and '\', which are special reserved
+ // characters
+ if ((normalized.indexOf("%25") > 0) || (normalized.indexOf("%2F") > 0)
+ || (normalized.indexOf("%2E") > 0)
+ || (normalized.indexOf("%5C") > 0)) {
+ return null;
+ }
if (normalized.equals("/."))
return "/";
@@ -933,6 +942,14 @@
}
} catch (EOFException e) {
ok = false;
+ } catch (ServletException e) {
+ ok = false;
+ try {
+ ((HttpServletResponse) response.getResponse())
+ .sendError(HttpServletResponse.SC_BAD_REQUEST);
+ } catch (Exception f) {
+ ;
+ }
} catch (InterruptedIOException e) {
if (debug > 1) {
try {
@@ -986,10 +1003,8 @@
// Finish up the handling of the request
try {
- if (ok) {
- response.finishResponse();
- request.finishRequest();
- }
+ response.finishResponse();
+ request.finishRequest();
if (output != null)
output.flush();
} catch (IOException e) {