larryi 02/01/08 22:29:07 Modified: src/share/org/apache/tomcat/util JavaGeneratorTool.java Log: Try to avoid denial of service attack where a JSP page uses a name matching a Windows DOS device name, such as aux.jsp. Otherwise, attempting to read the device may hang the thread servicing the request. Revision Changes Path 1.6 +5 -1 jakarta-tomcat/src/share/org/apache/tomcat/util/JavaGeneratorTool.java
Index: JavaGeneratorTool.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/JavaGeneratorTool.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- JavaGeneratorTool.java 19 Dec 2001 02:39:39 -0000 1.5
+++ JavaGeneratorTool.java 9 Jan 2002 06:29:07 -0000 1.6
@@ -153,7 +153,11 @@
 int version=0;
 try {
 FileInputStream fis=new FileInputStream( mapFile );
- version=(int)fis.read();
+ // The following helps avoid blocking on Windows DOS devices
+ // if someone tries to access something like aux.jsp.
+ if( fis.available() > 0 ) {
+ version=(int)fis.read();
+ }
 fis.close();
 } catch( Exception ex ) {
 System.out.println("readVersion() mapPath=" + mapFile + ex);
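Review bot: The new `fis.available() > 0` guard runs only after `new FileInputStream( mapFile )` has already opened the path, and `fis.close()` is still reached only on the success path, so an exception from the added `available()` call or from `read()` skips the close and leaves the handle open. Going by the commit log this path is driven by the requested JSP name, so repeated failures could accumulate open handles; I would move the close into `finally { fis.close(); }` around the guarded read. `available()` is only an estimate, so it is worth a comment that a return of 0 leaves `version` at 0 for an empty regular file as well as for a device. Rejecting paths that are not regular files before the open would be a stronger check, if a caller does not already do that. The enclosing method starts and ends outside the hunk.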