Am 2018-07-25 um 22:13 schrieb Michael Osipov:
Hi folks,
I might have found a bug and looking for someone to confirm. (Tested in
Tomcat 8.5.32).
Consider the following servlet:
@WebServlet("/request-dispatcher")
public class TestServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String jsp = request.getParameter("jsp");
if (jsp == null || jsp.isEmpty())
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
else {
System.out.println("Requested JSP: " + jsp);
RequestDispatcher dispatcher =
request.getRequestDispatcher("/" + jsp);
dispatcher.forward(request, response);
}
}
}
Now this call:
$ curl --verbose
http://localhost:8080/test/request-dispatcher?jsp=1380%2B0.jsp
* STATE: INIT => CONNECT handle 0x25de150; line 1392 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x25de150; line 1428
(connection #0)
% Total % Received % Xferd Average Speed Time Time
Time Current
Dload Upload Total Spent
Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0* Trying ::1...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x25de150; line 1509
(connection #0)
* Connected to localhost (::1) port 8080 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x25de150; line 1561
(connection #0)
* Marked for [keep alive]: HTTP default
* STATE: SENDPROTOCONNECT => DO handle 0x25de150; line 1579
(connection #0)
GET /test/request-dispatcher?jsp=1380%2B0.jsp HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.58.0
Accept: */*
* STATE: DO => DO_DONE handle 0x25de150; line 1658 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x25de150; line 1783
(connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x25de150; line 1799
(connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 404
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 1093
< Date: Wed, 25 Jul 2018 19:44:30 GMT
Now this one:
$ curl -I http://localhost:8080/test/1380+0.jsp
--verbose * STATE: INIT => CONNECT handle
0x66e150; line 1392 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x66e150; line 1428 (connection
#0)
% Total % Received % Xferd Average Speed Time Time
Time Current
Dload Upload Total Spent
Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0* Trying ::1...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x66e150; line 1509
(connection #0)
* Connected to localhost (::1) port 8080 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x66e150; line 1561
(connection #0)
* Marked for [keep alive]: HTTP default
* STATE: SENDPROTOCONNECT => DO handle 0x66e150; line 1579 (connection
#0)
HEAD /test/1380+0.jsp HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.58.0
Accept: */*
* STATE: DO => DO_DONE handle 0x66e150; line 1658 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x66e150; line 1783 (connection
#0)
* STATE: WAITPERFORM => PERFORM handle 0x66e150; line 1799 (connection
#0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200
< Set-Cookie: JSESSIONID=FC911829DB08950A03808483C61DFBDF; Path=/test;
HttpOnly
< Content-Type: text/html;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Wed, 25 Jul 2018 19:45:12 GMT
I know that #getRequestDispatcher() requires a RFC 3986 compliant URI
which this one is according to JS' encodeURI().
The root cause, imho, is ApplicationContext.java:432:
decodedPath = URLDecoder.decode(normalizedPath, "UTF-8");
This is deemed to fail because URLDecoder has not been designed for
URIs, but for "This class contains static methods for decoding a String
from the application/x-www-form-urlencoded MIME format."
It is used in
ApplicationContext.java
WebappLoader.java
CGIServlet.java
JspRuntimeContext.java
I consider this to be a bug, I know that Tomcat has its own URLEncoder,
but it seems that we need a compliant URLDecoder or use UDecoder?.
Can someone confirm?
No opinion on? Shall I create a bug report?
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org