Author: markt
Date: Wed Jun 10 11:15:02 2009
New Revision: 783292
URL: http://svn.apache.org/viewvc?rev=783292&view=rev
Log:
Fix port for CVE-2008-5515.
FileDirContext needs own normalize method as RequestUtil is not visible due to
class loader structure
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
URL:
http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java?rev=783292&r1=783291&r2=783292&view=diff
==============================================================================
---
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
(original)
+++
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Wed Jun 10 11:15:02 2009
@@ -36,7 +36,6 @@
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
-import org.apache.catalina.util.RequestUtil;
import org.apache.naming.NamingEntry;
import org.apache.naming.NamingContextBindingsEnumeration;
import org.apache.naming.NamingContextEnumeration;
@@ -771,7 +770,56 @@
* @param path Path to be normalized
*/
protected String normalize(String path) {
- return RequestUtil.normalize(path, File.separatorChar == '\\');
+
+ if (path == null)
+ return null;
+
+ // Create a place for the normalized path
+ String normalized = path;
+
+ if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+
+ if (normalized.equals("/."))
+ return "/";
+
+ // Add a leading "/" if necessary
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
+ }
+
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
