This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 0e53a89692 Minor code review fixes
0e53a89692 is described below
commit 0e53a896925b5ca9bfbc7998679236eba2f2e810
Author: remm <[email protected]>
AuthorDate: Sat Jun 13 00:14:49 2026 +0200
Minor code review fixes
---
.../apache/catalina/realm/MessageDigestCredentialHandler.java | 10 +++++++++-
java/org/apache/catalina/realm/RealmBase.java | 6 ++++--
java/org/apache/catalina/servlets/CGIServlet.java | 6 ++----
java/org/apache/catalina/servlets/WebdavServlet.java | 10 +++++-----
.../org/apache/catalina/ssi/ByteArrayServletOutputStream.java | 11 +----------
java/org/apache/catalina/ssi/SSIConditional.java | 3 +++
java/org/apache/catalina/ssi/SSIExec.java | 3 +++
java/org/apache/catalina/ssi/SSIServletExternalResolver.java | 3 +--
java/org/apache/catalina/util/SessionIdGeneratorBase.java | 3 +++
9 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
index b146c260b7..8a93442103 100644
--- a/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
+++ b/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
@@ -154,10 +154,18 @@ public class MessageDigestCredentialHandler extends
DigestCredentialHandlerBase
// Need to convert the salt to bytes to apply it to the user's
// digested password.
String serverDigestPlusSalt = storedCredentials.substring(6);
- byte[] serverDigestPlusSaltBytes =
Base64.getDecoder().decode(serverDigestPlusSalt);
+ byte[] serverDigestPlusSaltBytes = null;
+ try {
+ serverDigestPlusSaltBytes =
Base64.getDecoder().decode(serverDigestPlusSalt);
+ } catch (IllegalArgumentException e) {
+ return false;
+ }
// Extract the first 20 bytes containing the SHA-1 digest
final int digestLength = 20;
+ if (serverDigestPlusSaltBytes.length < digestLength) {
+ return false;
+ }
byte[] serverDigestBytes = new byte[digestLength];
System.arraycopy(serverDigestPlusSaltBytes, 0,
serverDigestBytes, 0, digestLength);
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 9c840d0793..1e2ab221ab 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -363,11 +363,13 @@ public abstract class RealmBase extends
LifecycleMBeanBase implements Realm {
return null;
}
- if (containerLog.isTraceEnabled()) {
+ Principal principal = getPrincipal(username);
+
+ if (principal != null && containerLog.isTraceEnabled()) {
containerLog.trace(sm.getString("realmBase.authenticateSuccess",
username));
}
- return getPrincipal(username);
+ return principal;
}
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index 89ae52effd..3e9e9a61d7 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -1326,13 +1326,11 @@ public final class CGIServlet extends HttpServlet {
* @param map Map to convert
*
* @return converted string array
- *
- * @exception NullPointerException if a hash key has a null value
*/
- protected String[] mapToStringArray(Map<String,?> map) throws
NullPointerException {
+ protected String[] mapToStringArray(Map<String,?> map) {
List<String> list = new ArrayList<>(map.size());
for (Entry<String,?> entry : map.entrySet()) {
- list.add(entry.getKey() + "=" + entry.getValue().toString());
+ list.add(entry.getKey() + "=" + (entry.getValue() == null ? ""
: entry.getValue().toString()));
}
return list.toArray(new String[0]);
}
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 738b184bb9..812ece3291 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1458,8 +1458,11 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
tv = tv.trim();
if (tv.startsWith("Second-")) {
try {
- lockDuration =
Integer.parseInt(tv.substring("Second-".length()));
- break;
+ int value =
Integer.parseInt(tv.substring("Second-".length()));
+ if (value > 0) {
+ lockDuration = value;
+ break;
+ }
} catch (NumberFormatException e) {
// Try the next value if any
}
@@ -1469,9 +1472,6 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
}
}
- if (lockDuration == 0) {
- lockDuration = DEFAULT_TIMEOUT;
- }
if (lockDuration > MAX_TIMEOUT) {
lockDuration = MAX_TIMEOUT;
}
diff --git a/java/org/apache/catalina/ssi/ByteArrayServletOutputStream.java
b/java/org/apache/catalina/ssi/ByteArrayServletOutputStream.java
index d4a3ce9054..afa2a76b8b 100644
--- a/java/org/apache/catalina/ssi/ByteArrayServletOutputStream.java
+++ b/java/org/apache/catalina/ssi/ByteArrayServletOutputStream.java
@@ -62,23 +62,14 @@ public class ByteArrayServletOutputStream extends
ServletOutputStream {
buf.write(b);
}
- /**
- * TODO SERVLET 3.1
- */
@Override
public boolean isReady() {
- // TODO Auto-generated method stub
- return false;
+ return true;
}
- /**
- * TODO SERVLET 3.1
- */
@Override
public void setWriteListener(WriteListener listener) {
- // TODO Auto-generated method stub
-
}
diff --git a/java/org/apache/catalina/ssi/SSIConditional.java
b/java/org/apache/catalina/ssi/SSIConditional.java
index 26bec49244..d122298265 100644
--- a/java/org/apache/catalina/ssi/SSIConditional.java
+++ b/java/org/apache/catalina/ssi/SSIConditional.java
@@ -134,6 +134,9 @@ public class SSIConditional implements SSICommand {
* Returns the "expr" if the arg name is appropriate, otherwise returns
null.
*/
private String getExpression(String[] paramNames, String[] paramValues) {
+ if (paramNames.length == 0 || paramValues.length == 0) {
+ return null;
+ }
if ("expr".equalsIgnoreCase(paramNames[0])) {
return paramValues[0];
}
diff --git a/java/org/apache/catalina/ssi/SSIExec.java
b/java/org/apache/catalina/ssi/SSIExec.java
index 7309230bb7..4ce3552277 100644
--- a/java/org/apache/catalina/ssi/SSIExec.java
+++ b/java/org/apache/catalina/ssi/SSIExec.java
@@ -53,6 +53,9 @@ public class SSIExec implements SSICommand {
public long process(SSIMediator ssiMediator, String commandName, String[]
paramNames, String[] paramValues,
PrintWriter writer) {
long lastModified = 0;
+ if (paramNames.length == 0 || paramValues.length == 0) {
+ return 0;
+ }
String configErrMsg = ssiMediator.getConfigErrMsg();
String paramName = paramNames[0];
String paramValue = paramValues[0];
diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
index 8df72cbd7e..18a784a3c7 100644
--- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
+++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
@@ -375,8 +375,7 @@ public class SSIServletExternalResolver implements
SSIExternalResolver {
} else if (nameParts[0].equals("SERVER")) {
if (nameParts[1].equals("ADDR")) {
retVal = req.getLocalAddr();
- }
- if (nameParts[1].equals("NAME")) {
+ } else if (nameParts[1].equals("NAME")) {
retVal = req.getServerName();
} else if (nameParts[1].equals("PORT")) {
retVal = Integer.toString(req.getServerPort());
diff --git a/java/org/apache/catalina/util/SessionIdGeneratorBase.java
b/java/org/apache/catalina/util/SessionIdGeneratorBase.java
index cd4a39bd60..cfd7366577 100644
--- a/java/org/apache/catalina/util/SessionIdGeneratorBase.java
+++ b/java/org/apache/catalina/util/SessionIdGeneratorBase.java
@@ -199,6 +199,9 @@ public abstract class SessionIdGeneratorBase extends
LifecycleBase implements Se
*/
@Override
public void setSessionIdLength(int sessionIdLength) {
+ if (sessionIdLength < 2) {
+ return;
+ }
this.sessionIdLength = sessionIdLength;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
