This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 0fb9397ff9 Restore ISE catching behavior
0fb9397ff9 is described below
commit 0fb9397ff90ee9ca8090f3da3da4c58ae353a442
Author: remm <[email protected]>
AuthorDate: Thu Feb 2 10:25:53 2023 +0100
Restore ISE catching behavior
This looks like a Java defect though: IOE is caught and returns false,
while ISE is undocumented and simply falls out of the innocuous looking
call. Workaround to restore the previous behavior and assume false.
---
java/org/apache/tomcat/util/scan/JarFileUrlJar.java | 11 ++++++++++-
webapps/docs/changelog.xml | 5 +++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
b/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
index 6b248021a3..b482f45033 100644
--- a/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
+++ b/java/org/apache/tomcat/util/scan/JarFileUrlJar.java
@@ -65,7 +65,16 @@ public class JarFileUrlJar implements Jar {
jarFile = new JarFile(f, true, ZipFile.OPEN_READ,
Runtime.version());
jarFileURL = url;
}
- multiRelease = jarFile.isMultiRelease();
+ boolean multiReleaseValue = false;
+ try {
+ multiReleaseValue = jarFile.isMultiRelease();
+ } catch (IllegalStateException e) {
+ // ISE can be thrown if the JAR URL is bad, for example:
+ // https://github.com/spring-projects/spring-boot/issues/33633
+ // The Javadoc does not document that ISE and given what it does
for a vanilla IOE,
+ // this looks like a Java bug, it should return false instead.
+ }
+ multiRelease = multiReleaseValue;
}
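Review bot: The `catch (IllegalStateException e)` block is empty apart from comments, so a bad JAR URL silently ends up with `multiRelease = false` and leaves nothing in the logs to show that it happened. Consider logging the exception at debug level together with `url`, so that an operator chasing missing versioned entries or scan results can see which JAR took this path. The comment would also read better as "The Javadoc does not document the ISE", and since it calls this a Java bug, a reference to a JDK bug report (if one has been filed) would let a later maintainer know when the workaround can be removed.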
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7e3c90d07c..2ec2ca0c4f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,11 @@
Switch to using the ServiceLoader mechanism to load the custom URL
protocol handlers that Tomcat uses. (markt)
</update>
+ <fix>
+ Avoid possible ISE when scanning from bad JAR URLs, to restore the
+ previous behavior following the removal of Java 9+ reflection code
which
+ caught the ISE. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
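Review bot: The new `<fix>` entry uses the abbreviation "ISE" twice without expanding it and does not say what happens instead of the exception. Since the changelog is read by users, consider spelling out `IllegalStateException` and stating that the JAR is then treated as not multi-release, which is the behaviour the code change assumes. The Java change cites a spring-boot issue in its comment; pointing to the same report here would help readers match the fix to the failure they saw.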