Author: markt Date: Wed Jul 30 06:51:25 2008 New Revision: 681029 URL: http://svn.apache.org/viewvc?rev=681029&view=rev Log: Port r678137 from 6.0.x Additional normalization check
Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java?rev=681029&r1=681028&r2=681029&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java Wed Jul 30 06:51:25 2008
@@ -263,6 +263,12 @@
             }
             // Character decoding
             convertURI(decodedURI, request);
+            // Check that the URI is still normalized
+            if (!checkNormalize(req.decodedURI())) {
+                res.setStatus(400);
+                res.setMessage("Invalid URI character encoding");
+                return false;
+            }
         } else {
             // The URL is chars or String, and has been sent using an in-memory
             // protocol handler, we have to assume the URL has been properly
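Review bot: The new guard passes `req.decodedURI()` to checkNormalize while the line just above passes the local `decodedURI` to convertURI; if both name the same MessageBytes (the local's assignment is outside this hunk), the check should read `if (!checkNormalize(decodedURI)) {` so a reader does not have to wonder whether a different buffer is being validated than the one that was just decoded. The comment `// Check that the URI is still normalized` would be more useful if it said why a second pass is needed, e.g. `// Percent-decoding can reintroduce '\', NUL, "//", "/./" or "/../" that the earlier normalization already removed; reject such a URI rather than dispatch on a traversal path`. The 400 reason "Invalid URI character encoding" names the cause only indirectly, so that comment is also where to note that an encoded dot, slash or backslash is the expected trigger. The enclosing method starts and ends outside this hunk.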
@@ -632,6 +638,67 @@
     }
 
 
+    /**
+     * Check that the URI is normalized following character decoding.
+     * <p>
+     * This method checks for "\", 0, "//", "/./" and "/../". This method will
+     * return false if sequences that are supposed to be normalized are still
+     * present in the URI.
+     *
+     * @param uriMB URI to be checked (should be chars)
+     */
+    public static boolean checkNormalize(MessageBytes uriMB) {
+
+        CharChunk uriCC = uriMB.getCharChunk();
+        char[] c = uriCC.getChars();
+        int start = uriCC.getStart();
+        int end = uriCC.getEnd();
+
+        int pos = 0;
+
+        // Check for '\' and 0
+        for (pos = start; pos < end; pos++) {
+            if (c[pos] == '\\') {
+                return false;
+            }
+            if (c[pos] == 0) {
+                return false;
+            }
+        }
+
+        // Check for "//"
+        for (pos = start; pos < (end - 1); pos++) {
+            if (c[pos] == '/') {
+                if (c[pos + 1] == '/') {
+                    return false;
+                }
+            }
+        }
+
+        // Check for ending with "/." or "/.."
+        if (((end - start) >= 2) && (c[end - 1] == '.')) {
+            if ((c[end - 2] == '/')
+                    || ((c[end - 2] == '.')
+                    && (c[end - 3] == '/'))) {
+                return false;
+            }
+        }
+
+        // Check for "/./"
+        if (uriCC.indexOf("/./", 0, 3, 0) >= 0) {
+            return false;
+        }
+
+        // Check for "/../"
+        if (uriCC.indexOf("/../", 0, 4, 0) >= 0) {
+            return false;
+        }
+
+        return true;
+
+    }
+
+
     // ------------------------------------------------------ Protected Methods
 
 

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=681029&r1=681028&r2=681029&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Jul 30 06:51:25 2008
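Review bot: In the "ending with /. or /.." check of checkNormalize, the `c[end - 3]` read is guarded only by `(end - start) >= 2`, so a two-character chunk whose content is `..` evaluates `c[start - 1]`: an ArrayIndexOutOfBoundsException when `start` is 0, and a read of an unrelated character before the chunk otherwise. Whether such a chunk can reach this method depends on the earlier normalize() pass, which is outside this hunk, but the method is `public static` and should be safe on its own input; change the second branch to `|| (((end - start) >= 3) && (c[end - 2] == '.')` and leave the following `&& (c[end - 3] == '/')))` line as is. The Javadoc also lacks a `@return`; add `@return true if none of the listed sequences is present (an empty chunk passes), false otherwise`, which makes the empty-URI behaviour explicit for callers. The method is complete within this hunk.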
@@ -40,6 +40,13 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        Add additional checks for URI normalization. (remm)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Webapps">
     <changelog>
       <fix>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]