Author: markt
Date: Tue Jun  5 17:51:12 2007
New Revision: 544697

URL: http://svn.apache.org/viewvc?view=rev&rev=544697
Log:
Port fix for CVE-2007-1358 to TC5.0.x
Modified:
    
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java

Modified: 
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java?view=diff&rev=544697&r1=544696&r2=544697
==============================================================================
--- 
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
 (original)
+++ 
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
 Tue Jun  5 17:51:12 2007
@@ -2539,6 +2539,9 @@
                     variant = "";
                 }
             }
+            if (!isAlpha(language) || !isAlpha(country) || !isAlpha(variant)) {
+                continue;
+            }
 
             // Add a new Locale to the list of Locales for this quality level
             Locale locale = new Locale(language, country, variant);
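Review bot: The new guard before `new Locale(language, country, variant)` skips an entry silently and has no comment recording that it is the CVE-2007-1358 fix, so a later maintainer could relax it without realising it is a security control. I would add a comment above the `if`, for example `// Accept-Language is client-supplied: skip entries whose parts are not plain ASCII letters (CVE-2007-1358)`. The filter also drops legitimate tags that contain digits, such as numeric region codes; that is a safe default but should be stated in the same comment. Any code that later writes the locale into a response presumably still needs its own output encoding, since this check only covers this parsing path. The enclosing loop starts and ends outside the hunk.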
@@ -2602,6 +2605,16 @@
             throwable.printStackTrace(System.out);
         }
 
+    }
+
+    protected static final boolean isAlpha(String value) {
+        for (int i = 0; i < value.length(); i++) {
+            char c = value.charAt(i);
+            if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))) {
+                return false;
+            }
+        }
+        return true;
     }
 
 }
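Review bot: `isAlpha` has no Javadoc, and its edge cases matter because the locale filter depends on it: an empty string returns true (needed, since the first hunk shows `variant = "";` for an absent part) and a null argument throws NullPointerException. A short Javadoc should say that only ASCII `a-z` and `A-Z` are accepted, deliberately not `Character.isLetter`, so non-ASCII letters are rejected as well. `protected static final` also exposes the helper more widely than a validation routine needs; `private static boolean isAlpha(String value)` would do unless subclasses are meant to call it.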


