[Bug 63579] New: o.a.catalina.webresources.StandardRoot.validate generates an IllegalArgumentException leading to a 500

Mon, 22 Jul 2019 07:40:58 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=63579

            Bug ID: 63579
           Summary: o.a.catalina.webresources.StandardRoot.validate
                    generates an IllegalArgumentException leading to a 500
           Product: Tomcat 9
           Version: 9.0.22
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: a...@forallsecure.com
  Target Milestone: -----

Tomcat can generate a 500 response when validating the request path. The issue
can be reproduced with the following command, assuming tomcat is listening on
8080:

```
$ echo -ne "GET *; HTTP/1.1\r\nHost:\r\n\r\n" | nc localhost 8080
HTTP/1.1 500
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1973
Date: Mon, 22 Jul 2019 14:38:08 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server
Error</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b>
Exception Report</p><p><b>Message</b> The resource path [*] is not
valid</p><p><b>Description</b> The server encountered an unexpected condition
that prevented it from fulfilling the
request.</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException: The
resource path [*] is not valid
       
org.apache.catalina.webresources.StandardRoot.validate(StandardRoot.java:252)
       
org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:213)
       
org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:207)
       
org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:832)
       
org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:497)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
       
org.apache.catalina.servlets.DefaultServlet.service(DefaultServlet.java:477)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
</pre><p><b>Note</b> The full stack trace of the root cause is available in the
server logs.</p><hr class="line" /><h3>Apache
Tomcat/9.0.22-dev</h3></body></html>
```

I'm running tomcat from source after compiling it with ant. Version is 'Apache
Tomcat/9.0.22-dev', and commit is ed26bdbaf639a17c02a1e864d2c0553ed3f95971 from
Jul 22.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to