This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new a6c006c7f4 Evaluate to false for any invalid paths to avoid NPE
a6c006c7f4 is described below
commit a6c006c7f4ecb67f2535b890e268ab433569afdd
Author: remm <r...@apache.org>
AuthorDate: Fri Jul 4 16:27:55 2025 +0200
Evaluate to false for any invalid paths to avoid NPE
Found by coverity.
---
java/org/apache/catalina/servlets/WebdavServlet.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 6deb8c79bf..d8fcd1b48d 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -685,6 +685,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
if (hrefs.hasNext()) {
currentHref = hrefs.next();
currentPath = getPathFromHref(currentHref, request);
+ if (currentPath == null) {
+ // The path was invalid
+ return false;
+ }
currentWebResource = resources.getResource(currentPath);
} else {
break;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
