[tomcat] 02/02: Fix bug 65106. Don't try to treat absolute URIs as files

remm Thu, 28 Jan 2021 13:13:12 -0800

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


commit e8626d73b1df78c236d3e06dc878344c5a5ad73b
Author: remm <r...@apache.org>
AuthorDate: Thu Jan 28 22:12:01 2021 +0100

    Fix bug 65106. Don't try to treat absolute URIs as files
    
    Not that the InvalidPathException catch block was removed as valid
    file:/... URIs will now skip the File and class loader block and be
    processed just as URIs.
---
 .../apache/tomcat/util/file/ConfigFileLoader.java  | 22 +++++++++++++---------
 webapps/docs/changelog.xml                         |  8 ++++++++
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/tomcat/util/file/ConfigFileLoader.java 
b/java/org/apache/tomcat/util/file/ConfigFileLoader.java
index 7cd66ab..54631b2 100644
--- a/java/org/apache/tomcat/util/file/ConfigFileLoader.java
+++ b/java/org/apache/tomcat/util/file/ConfigFileLoader.java
@@ -24,6 +24,7 @@ import java.io.InputStream;
 import java.net.URI;
 import java.net.URL;
 
+import org.apache.tomcat.util.buf.UriUtil;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -69,15 +70,18 @@ public class ConfigFileLoader {
      *                     provided location
      */
     public static InputStream getInputStream(String location) throws 
IOException {
-        // Location was originally always a file before URI support was added 
so
-        // try file first.
-
-        File f = new File(location);
-        if (!f.isAbsolute()) {
-            f = new File(CATALINA_BASE_FILE, location);
-        }
-        if (f.isFile()) {
-            return new FileInputStream(f);
+        // Originally only File was supported. Class loader and URI were added
+        // later. However (see bug 65106) treating some URIs as files can cause
+        // problems. Therefore, if path starts with a valid URI scheme then 
skip
+        // straight to processing this as a URI.
+        if (!UriUtil.isAbsoluteURI(location)) {
+            File f = new File(location);
+            if (!f.isAbsolute()) {
+                f = new File(CATALINA_BASE_FILE, location);
+            }
+            if (f.isFile()) {
+                return new FileInputStream(f);
+            }
         }
 
         // File didn't work so try URI.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e6abb85..35e4475 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 8.5.63 (markt)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        <bug>65106</bug>: Fix the ConfigFileLoader handling of file URIs when
+        running under a security manager on some JREs. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Coyote">
     <changelog>
       <fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Fix bug 65106. Don't try to treat absolute URIs as files

Reply via email to