patrickl 01/11/13 11:39:28 Modified: catalina/src/share/org/apache/catalina/connector HttpResponseBase.java Log: Trap uncaught exceptions thrown by certain malformed URIs and return SC_NOT_FOUND instead. These uncaught exceptions are thrown when URIs contain more "/.." directories than non "/.." directories. For example, http://localhost/.. and http://localhost/examples/../.. will both throw these uncaught exceptions. Revision Changes Path 1.40 +11 -7 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java
Index: HttpResponseBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- HttpResponseBase.java 2001/10/04 03:36:49 1.39
+++ HttpResponseBase.java 2001/11/13 19:39:27 1.40
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v 1.39 2001/10/04 03:36:49 remm Exp $
- * $Revision: 1.39 $
- * $Date: 2001/10/04 03:36:49 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v 1.40 2001/11/13 19:39:27 patrickl Exp $
+ * $Revision: 1.40 $
+ * $Date: 2001/11/13 19:39:27 $
 *
 * ====================================================================
 *
@@ -101,7 +101,7 @@
 *
 * @author Craig R. McClanahan
 * @author Remy Maucherat
- * @version $Revision: 1.39 $ $Date: 2001/10/04 03:36:49 $
+ * @version $Revision: 1.40 $ $Date: 2001/11/13 19:39:27 $
 */
 public class HttpResponseBase
@@ -1087,9 +1087,13 @@
 resetBuffer();
 // Generate a temporary redirect to the specified location
- String absolute = toAbsolute(location);
- setStatus(SC_MOVED_TEMPORARILY);
- setHeader("Location", absolute);
+ try {
+ String absolute = toAbsolute(location);
+ setStatus(SC_MOVED_TEMPORARILY);
+ setHeader("Location", absolute);
+ } catch (IllegalArgumentException e) {
+ setStatus(SC_NOT_FOUND);
+ }
 }
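Review bot: The new `try` in the last hunk wraps `setStatus(SC_MOVED_TEMPORARILY)` and `setHeader("Location", absolute)` as well as `toAbsolute(location)`, so an `IllegalArgumentException` raised by either of those calls would also be turned into a 404 and its real cause lost. Narrowing the block to the conversion keeps the mapping specific: `String absolute; try { absolute = toAbsolute(location); } catch (IllegalArgumentException e) { setStatus(SC_NOT_FOUND); return; }`. The handler also discards `e` without a trace; since the commit log attributes these exceptions to URIs with more "/.." segments than directories, recording the rejected location (with control characters stripped before it reaches the log) would let operators notice traversal probing. A comment such as `// location climbs above the root ("/.."): answer 404 instead of letting the exception escape` would explain why the exception is swallowed. The enclosing method starts outside the hunk, so whether a `return` here would skip anything beyond the visible lines should be confirmed.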