On 22/09/17 01:29, kkoli...@apache.org wrote:
> Author: kkolinko
> Date: Fri Sep 22 00:29:54 2017
> New Revision: 1809248
> 
> URL: http://svn.apache.org/viewvc?rev=1809248&view=rev
> Log:
> Remove condition that is always false, thanks to 
> "canPath.startsWith(canonicalBase)" check a few lines earlier.

Thanks for catching this.

I've been trying to think if there are any circumstances under which the

absoluteBase.length() > absPath.length()

test could fail. I can't think of any but I'm not confident enough of
that at this point to remove the check.

Mark


> 
> Modified:
>     
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> 
> Modified: 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1809248&r1=1809247&r2=1809248&view=diff
> ==============================================================================
> --- 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
>  (original)
> +++ 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
>  Fri Sep 22 00:29:54 2017
> @@ -93,11 +93,10 @@ public abstract class AbstractFileResour
>          // the request processing) but might be possible for some access via 
> the
>          // Servlet API (RequestDispatcher, HTTP/2 push etc.) therefore these
>          // checks are retained as an additional safety measure
> -        // absoluteBase has been normalized so absPath needs to normalized as
> +        // absoluteBase has been normalized so absPath needs to be 
> normalized as
>          // well.
>          String absPath = normalize(file.getAbsolutePath());
> -        if (absoluteBase.length() > absPath.length() ||
> -                canonicalBase.length() > canPath.length()) {
> +        if (absoluteBase.length() > absPath.length()) {
>              return null;
>          }
>  
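Review bot: The remaining `if (absoluteBase.length() > absPath.length())` at the end of this hunk carries no explanation of why the canonical half of the condition was dropped while the absolute half stays. The log message gives the reason (the `canPath.startsWith(canonicalBase)` check a few lines earlier makes the canonical comparison always false), but that check is outside the lines shown here and the reasoning is not recorded in the code. Since the comment block above says these checks are "retained as an additional safety measure", I would add one line to it noting that the canonical length comparison is already covered by the earlier `startsWith` check, and that the absolute-path comparison is kept because no equivalent prefix check on `absPath` has been confirmed before this point. That keeps a later reader from re-adding the canonical test or removing the absolute one without first verifying what guards `absPath`.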
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 

