Author: markt Date: Sat Jun 30 20:40:20 2018 New Revision: 1834763 URL: http://svn.apache.org/viewvc?rev=1834763&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62498 Correct a regression in the fix for CVE-2017-12617 that caused request failures for some requests when using the VirtualDirContext.
Added:
tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestVirtualDirContext.java (with props)
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java?rev=1834763&r1=1834762&r2=1834763&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/VirtualDirContext.java Sat Jun 30 20:40:20 2018
@@ -212,7 +212,8 @@ public class VirtualDirContext extends F
 }
 }
 }
- if (name.startsWith(path + "/")) {
+ path += "/";
+ if (name.startsWith(path)) {
 String res = name.substring(path.length());
 for (String resourcesDir : dirList) {
 file = new File(resourcesDir, res);
Added: tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestVirtualDirContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestVirtualDirContext.java?rev=1834763&view=auto
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestVirtualDirContext.java (added)
+++ tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestVirtualDirContext.java Sat Jun 30 20:40:20 2018
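Review bot: In the VirtualDirContext.java hunk, `path += "/";` overwrites the variable in place, so any later use of `path` (the enclosing method continues outside the hunk) sees the slash-terminated form instead of the original value. A separate local keeps the two apart: `String prefix = path + "/";`, then `name.startsWith(prefix)` and `name.substring(prefix.length())`. The effective change is that `res` no longer starts with '/' when it reaches `new File(resourcesDir, res)`, and because this corrects a regression in the CVE-2017-12617 fix it deserves a comment such as `// Strip the separator too so that res is relative to resourcesDir`. Whether the resulting file is still checked to lie inside the mapped directory cannot be seen from this hunk, so confirm that in the lines that follow it.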
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.naming.resources;
+
+import java.io.File;
+
+import javax.naming.NamingException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.catalina.startup.LoggingBaseTest;
+
+public class TestVirtualDirContext {
+
+ @Test
+ public void testBug62498() throws NamingException {
+ VirtualDirContext vdc = new VirtualDirContext();
+ // No docBase
+ vdc.setExtraResourcePaths("/=" + LoggingBaseTest.getBuildDirectory().getAbsolutePath());
+
+ vdc.allocate();
+
+ File f1 = vdc.file("");
+ Assert.assertNotNull(f1);
+ File f2 = vdc.file("/");
+ Assert.assertNotNull(f2);
+ Assert.assertEquals(f1.getAbsolutePath(), f2.getAbsolutePath());
+
+ Object obj1 = vdc.lookup("");
+ Assert.assertTrue(obj1 instanceof FileDirContext);
+ Object obj2 = vdc.lookup("/");
+ Assert.assertTrue(obj2 instanceof FileDirContext);
+ Assert.assertEquals(((FileDirContext) obj1).absoluteBase, ((FileDirContext) obj2).absoluteBase);
+ }
+
+
+ @Test
+ public void testBug62498a() {
+ VirtualDirContext vdc = new VirtualDirContext();
+ // No docBase
+ vdc.setExtraResourcePaths("/=" + LoggingBaseTest.getBuildDirectory().getAbsolutePath());
+
+ vdc.allocate();
+
+ File f1 = vdc.file("");
+ Assert.assertNotNull(f1);
+ }
+
+
+ @Test
+ public void testBug62498b() {
+ VirtualDirContext vdc = new VirtualDirContext();
+ // No docBase
+ vdc.setExtraResourcePaths("/=" + LoggingBaseTest.getBuildDirectory().getAbsolutePath());
+
+ vdc.allocate();
+
+ File f2 = vdc.file("/");
+ Assert.assertNotNull(f2);
+ }
+
+
+ @Test
+ public void testBug62498c() throws NamingException {
+ VirtualDirContext vdc = new VirtualDirContext();
+ // No docBase
+ vdc.setExtraResourcePaths("/=" + LoggingBaseTest.getBuildDirectory().getAbsolutePath());
+
+ vdc.allocate();
+
+ Object obj1 = vdc.lookup("");
+ Assert.assertTrue(obj1 instanceof FileDirContext);
+ }
+
+
+ @Test
+ public void testBug62498d() throws NamingException {
+ VirtualDirContext vdc = new VirtualDirContext();
+ // No docBase
+ vdc.setExtraResourcePaths("/=" + LoggingBaseTest.getBuildDirectory().getAbsolutePath());
+
+ vdc.allocate();
+
+ Object obj2 = vdc.lookup("/");
+ Assert.assertTrue(obj2 instanceof FileDirContext);
+ }
+}
Propchange: tomcat/tc7.0.x/trunk/test/org/apache/naming/resources/TestVirtualDirContext.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1834763&r1=1834762&r2=1834763&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sat Jun 30 20:40:20 2018
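Review bot: In TestVirtualDirContext.java every test passes only `""` or `"/"` to `file()` and `lookup()`, so the patched prefix branch is never exercised with a non-empty remainder, which is the value that reaches `new File(resourcesDir, res)`. Because the commit corrects a regression in a security fix, add one case that resolves an entry below the mapped directory and one asserting that a name not covered by any mapping is still not resolved; together they guard against the fix regressing in either direction. As a style point, testBug62498a to testBug62498d repeat the same three setup lines, which a small private helper returning the allocated `VirtualDirContext` would remove.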
@@ -58,6 +58,13 @@
 issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 7.0.90 (violetagg)">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>62498</fix>: Correct a regression in the fix for CVE-2017-12617 that
+ caused request failures for some requests when using the
+ <code>VirtualDirContext</code>. (markt)
+ </changelog>
+ </subsection>
 </section>
 <section name="Tomcat 7.0.89 (violetagg)">
 <subsection name="Catalina">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org