Author: markt Date: Tue Jun 5 17:51:12 2007 New Revision: 544697 URL: http://svn.apache.org/viewvc?view=rev&rev=544697 Log: Port fix for CVE-2007-1358 to TC5.0.x
Modified: tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java Modified: tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java?view=diff&rev=544697&r1=544696&r2=544697 ==============================================================================
--- tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java (original)
+++ tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java Tue Jun 5 17:51:12 2007
@@ -2539,6 +2539,9 @@
 variant = "";
 }
 }
+ if (!isAlpha(language) || !isAlpha(country) || !isAlpha(variant)) {
+ continue;
+ }
 // Add a new Locale to the list of Locales for this quality level
 Locale locale = new Locale(language, country, variant);
@@ -2602,6 +2605,16 @@
 throwable.printStackTrace(System.out);
 }
+ }
+
+ protected static final boolean isAlpha(String value) {
+ for (int i = 0; i < value.length(); i++) {
+ char c = value.charAt(i);
+ if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))) {
+ return false;
+ }
+ }
+ return true;
 }
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
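Review bot: The added `continue` in the first hunk drops a locale entry with no comment explaining why, so a later maintainer could relax or remove the check without realising it is the CVE-2007-1358 fix. I would put a line above it such as `// CVE-2007-1358: skip entries whose language/country/variant are not plain ASCII letters, so request-supplied text cannot end up in a Locale`. The check is also stricter than a general language tag: an entry whose country or variant contains a digit or a further `-` is now discarded whole, which looks like a deliberate trade-off and is worth stating in the same comment. The enclosing method starts and ends outside this hunk, so the assignments to `language` and `country` are not visible here.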
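Review bot: `isAlpha` in the second hunk has no Javadoc, and the caller in the first hunk depends on two properties that are only implicit in the loop. The empty string returns `true` because the loop body never runs, which is what lets entries with `variant = ""` pass, and the comparison is ASCII-only on purpose. I would document both, for example `/** Returns true if value is empty or contains only ASCII letters a-z/A-Z; deliberately not Character.isLetter, so non-ASCII characters are rejected. */`. A `null` argument would throw at `value.length()`; whether that can happen depends on code outside the hunk, so a `@param value the string to test, must not be null` line is worth adding as well.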