This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit dd6094b88a722880766bf0afadac93238a82fd56 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jan 28 17:15:40 2021 +0000 Fix bug 65106. Don't try to treat absolute URIs as files Not that the InvalidPathException catch block was removed as valid file:/... URIs will now skip the File and class loader block and be processed just as URIs. --- .../startup/CatalinaBaseConfigurationSource.java | 83 +++++++++++----------- webapps/docs/changelog.xml | 8 +++ 2 files changed, 51 insertions(+), 40 deletions(-) diff --git a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java index 90ebed7..f907bde 100644 --- a/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java +++ b/java/org/apache/catalina/startup/CatalinaBaseConfigurationSource.java @@ -24,8 +24,8 @@ import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import java.nio.file.InvalidPathException; +import org.apache.tomcat.util.buf.UriUtil; import org.apache.tomcat.util.file.ConfigurationSource; import org.apache.tomcat.util.res.StringManager; 
@@ -77,34 +77,31 @@ public class CatalinaBaseConfigurationSource implements ConfigurationSource { @Override public Resource getResource(String name) throws IOException { - // Location was originally always a file before URI support was added so - // try file first. - - File f = new File(name); - if (!f.isAbsolute()) { - f = new File(catalinaBaseFile, name); - } - if (f.isFile()) { - FileInputStream fis = new FileInputStream(f); - return new Resource(fis, f.toURI()); - } - - // Try classloader - InputStream stream = null; - try { - stream = getClass().getClassLoader().getResourceAsStream(name); - if (stream != null) { - return new Resource(stream, getClass().getClassLoader().getResource(name).toURI()); + // Originally only File was supported. Class loader and URI were added + // later. However (see bug 65106) treating some URIs as files can cause + // problems. Therefore, if path starts with a valid URI scheme then skip + // straight to processing this as a URI. + if (!UriUtil.isAbsoluteURI(name)) { + File f = new File(name); + if (!f.isAbsolute()) { + f = new File(catalinaBaseFile, name); } - } catch (InvalidPathException e) { - // Ignore. Some valid file URIs can trigger this. - // Stream should be null here but check to be on the safe side. - if (stream != null) { + if (f.isFile()) { + FileInputStream fis = new FileInputStream(f); + return new Resource(fis, f.toURI()); + } + + // Try classloader + InputStream stream = null; + try { + stream = getClass().getClassLoader().getResourceAsStream(name); + if (stream != null) { + return new Resource(stream, getClass().getClassLoader().getResource(name).toURI()); + } + } catch (URISyntaxException e) { stream.close(); + throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e); } - } catch (URISyntaxException e) { - stream.close(); - throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e); } // Then try URI. 
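Review bot: In the class-loader branch of getResource, `getClass().getClassLoader().getResource(name).toURI()` dereferences a second lookup without a null check. If that lookup returns null after `getResourceAsStream(name)` succeeded, the method throws NullPointerException and the opened stream is never closed. `stream.close()` in the URISyntaxException handler can also throw and replace the exception being reported. Resolving the URL once, converting it to a URI and only then opening the stream avoids both, as sketched below; `url.openStream()` may not behave exactly like `getResourceAsStream` under a security manager, so the bug 65106 setup should be re-run with it. Separately, the file-versus-URI decision now rests on `UriUtil.isAbsoluteURI`, which this diff does not show, so a test with a Windows drive path such as `C:\conf\server.xml` (constructed example) would confirm it still takes the File branch.

```java
    // … unchanged: File lookup relative to catalinaBaseFile …

    // Try classloader
    URL url = getClass().getClassLoader().getResource(name);
    if (url != null) {
        URI uri;
        try {
            uri = url.toURI();
        } catch (URISyntaxException e) {
            throw new IOException(sm.getString("catalinaConfigurationSource.cannotObtainURL", name), e);
        }
        // Open the stream last so nothing is left open if the URI conversion fails
        return new Resource(url.openStream(), uri);
    }
```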
@@ -126,22 +123,28 @@ public class CatalinaBaseConfigurationSource implements ConfigurationSource { @Override public URI getURI(String name) { - File f = new File(name); - if (!f.isAbsolute()) { - f = new File(catalinaBaseFile, name); - } - if (f.isFile()) { - return f.toURI(); - } + // Originally only File was supported. Class loader and URI were added + // later. However (see bug 65106) treating some URIs as files can cause + // problems. Therefore, if path starts with a valid URI scheme then skip + // straight to processing this as a URI. + if (!UriUtil.isAbsoluteURI(name)) { + File f = new File(name); + if (!f.isAbsolute()) { + f = new File(catalinaBaseFile, name); + } + if (f.isFile()) { + return f.toURI(); + } - // Try classloader - try { - URL resource = getClass().getClassLoader().getResource(name); - if (resource != null) { - return resource.toURI(); + // Try classloader + try { + URL resource = getClass().getClassLoader().getResource(name); + if (resource != null) { + return resource.toURI(); + } + } catch (Exception e) { + // Ignore } - } catch (Exception e) { - // Ignore } return getURIInternal(name); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 640c6c9..682b932 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,6 +104,14 @@ issues do not "pop up" wrt. others). --> <section name="Tomcat 10.0.2 (markt)" rtext="in development"> + <subsection name="Catalina"> + <changelog> + <fix> + <bug>65106</bug>: Fix the ConfigFileLoader handling of file URIs when + running under a security manager on some JREs. (markt) + </fix> + </changelog> + </subsection> <subsection name="Coyote"> <changelog> <fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
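Review bot: The `catch (Exception e) { // Ignore }` around the class-loader lookup in getURI swallows every failure, including a SecurityException from a denied policy check. It then falls through to `getURIInternal(name)` with no trace of why the class loader result was skipped. getResource in the same commit reports the equivalent URISyntaxException as an IOException, so the two methods disagree on the same input. Narrowing the handler to `} catch (URISyntaxException e) {` with a comment such as `// Resource URL is not a valid URI; fall back to URI handling below` would keep the fallback while letting unexpected errors surface. If the broad catch is deliberate, the comment should say which exceptions it is meant to absorb.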