This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new d1cfe8c0df Minor WebDAV fixes d1cfe8c0df is described below commit d1cfe8c0dfa040af7c066d8db2218bd4262c4a24 Author: remm <r...@apache.org> AuthorDate: Mon Oct 28 22:37:10 2024 +0100 Minor WebDAV fixes Reject with 400 any Depth header with invalid values (as was done in copyResource, which I had forgotten about), submitted by Chen Jp. Reject bad propfind requests with 400. Accept chunked body for propfind. --- .../apache/catalina/servlets/WebdavServlet.java | 34 ++++++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java
index 83dd664db4..845c60f465 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -813,7 +813,7 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen
 // Propfind depth
 int depth = maxDepth;
 // Propfind type
- int type = FIND_ALL_PROP;
+ int type = -1;
 String depthStr = req.getHeader("Depth");
@@ -826,10 +826,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen
 depth = 1;
 } else if (depthStr.equals("infinity")) {
 depth = maxDepth;
+ } else {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
 }
 }
- if (req.getContentLengthLong() > 0) {
+ if (req.getContentLengthLong() > 0 || "chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))) {
 DocumentBuilder documentBuilder = getDocumentBuilder();
 try {
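Review bot: The added `"chunked".equalsIgnoreCase(req.getHeader("Transfer-Encoding"))` test matches only a header whose whole value is `chunked`, so a body sent with a coding list such as `gzip, chunked`, or with neither header (for example over HTTP/2, where `getContentLengthLong()` returns -1), still skips parsing and is answered as allprop. Conversely, a chunked request whose body is empty now reaches the parser and will presumably end in the 400 path instead of the allprop default; the parse call and its catch block are outside this hunk, so that should be confirmed. Deciding on whether the input stream actually yields data, rather than on header text, would cover both cases. Because a chunked body has no declared length, it is also worth confirming that a size limit applies before the DOM parser reads it.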
@@ -851,6 +854,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen
 case Node.ELEMENT_NODE:
 String nodeName = getDAVNode(currentNode);
 if ("prop".equals(nodeName)) {
+ if (type >= 0) {
+ // Another was already defined
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
 type = FIND_BY_PROPERTY;
 NodeList propChildList = currentNode.getChildNodes();
 for (int j = 0; j < propChildList.getLength(); j++) {
@@ -865,9 +873,19 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen
 }
 }
 if ("propname".equals(nodeName)) {
+ if (type >= 0) {
+ // Another was already defined
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
 type = FIND_PROPERTY_NAMES;
 }
 if ("allprop".equals(nodeName)) {
+ if (type >= 0) {
+ // Another was already defined
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
 type = FIND_ALL_PROP;
 }
 break;
@@ -878,6 +896,13 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen
 resp.sendError(WebdavStatus.SC_BAD_REQUEST);
 return;
 }
+ if (type == -1) {
+ // Nothing meaningful in the propfind element
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
+ }
+ } else {
+ type = FIND_ALL_PROP;
 }
 WebResource resource = resources.getResource(path);
@@ -1319,8 +1344,11 @@ public class WebdavServlet extends DefaultServlet implements PeriodicEventListen
 } else {
 if (depthStr.equals("0")) {
 lock.depth = 0;
- } else {
+ } else if (depthStr.equals("infinity")) {
 lock.depth = maxDepth;
+ } else {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return;
 }
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
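Review bot: The duplicate-element guard `if (type >= 0)` in the `prop` branch only holds while every FIND_* constant is non-negative, and it tests a different condition from the later `type == -1` check for the same unset state; the constants are defined outside this diff, so that assumption is not visible here. Comparing against the sentinel in both places, `if (type != -1) {`, or giving the -1 a named constant, would keep the two checks in step. The same five-line guard is repeated in the `propname` and `allprop` branches of the next hunk and could be factored into one small private helper. The enclosing method starts and ends outside the hunk.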
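Review bot: The new `depthStr.equals("infinity")` comparison in the LOCK path is case-sensitive, so a request sending `Depth: Infinity`, which the old `else` branch treated as infinite depth, is now answered with 400; the `else` added to the PROPFIND Depth handling in the earlier hunk has the same effect. RFC 4918 gives the header values as ABNF literals, which are normally matched case-insensitively, so `} else if (depthStr.equalsIgnoreCase("infinity")) {` looks like the safer comparison while still rejecting every other value. The enclosing method continues outside the hunk.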