markt-asf commented on a change in pull request #176: CoyoteAdapter: fix out-of-bounds read in checkNormalize URL: https://github.com/apache/tomcat/pull/176#discussion_r299500242
########## File path: java/org/apache/catalina/connector/CoyoteAdapter.java ########## @@ -1271,6 +1276,11 @@ public static boolean checkNormalize(MessageBytes uriMB) { } } + // The URL must start with '/' + if (c[start] != '/') { + return false; + } + // Check for ending with "/." or "/.." Review comment: Thanks. That is what I needed. That should be caught and rejected earlier. I wonder what is going wrong.
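Review bot: the added `c[start] != '/'` test indexes the buffer with no bounds check visible in this hunk. Unless the lines above already reject an empty URI, an empty input makes this line read outside the valid range, which is the class of bug the PR title sets out to fix. Consider checking the length before the index. A test case for the input that reaches this point without a leading '/' would also help, since the comment on this hunk says it should have been rejected earlier. It would also help to expand the code comment to say that this is a defensive check, so a later reader does not take it for the primary validation.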