svn commit: r1851754 - in /tomcat/trunk: java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

Mon, 21 Jan 2019 08:54:51 -0800 

Author: markt
Date: Mon Jan 21 16:54:30 2019
New Revision: 1851754

URL: http://svn.apache.org/viewvc?rev=1851754&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63038
Ensure that a ClassNotFoundException is thrown when attempting to load a class 
from a corrupted JAR file.

Modified:
    tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1851754&r1=1851753&r2=1851754&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java Mon 
Jan 21 16:54:30 2019
@@ -2315,6 +2315,11 @@ public abstract class WebappClassLoaderB
             }
 
             byte[] binaryContent = resource.getContent();
+            if (binaryContent == null) {
+                // Something went wrong reading the class bytes (and will have
+                // been logged at debug level).
+                return null;
+            }
             Manifest manifest = resource.getManifest();
             URL codeBase = resource.getCodeBase();
             Certificate[] certificates = resource.getCertificates();

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1851754&r1=1851753&r2=1851754&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jan 21 16:54:30 2019
@@ -98,6 +98,11 @@
         errors rather than server side errors and only logged at debug level.
         (markt)
       </scode>
+      <fix>
+        <bug>63038</bug>: Ensure that a <code>ClassNotFoundException</code> is
+        thrown when attempting to load a class from a corrupted JAR file.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to