Author: markt
Date: Thu Jan 13 17:55:55 2011
New Revision: 1058689
URL: http://svn.apache.org/viewvc?rev=1058689&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=18797
Provide null/zero-length protection
Modified:
tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties?rev=1058689&r1=1058688&r2=1058689&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/users/LocalStrings.properties Thu Jan
13 17:55:55 2011
@@ -14,9 +14,12 @@
# limitations under the License.
memoryUserDatabase.invalidGroup=Invalid group name {0}
+memoryUserDatabase.notPersistable=User database is not persistable - no write
permissions on directory
+memoryUserDatabase.nullGroup=Null or zero length group name specified. The
group will be ignored.
+memoryUserDatabase.nullRole=Null or zero length role name specified. The role
will be ignored.
+memoryUserDatabase.nullUser=Null or zero length user name specified. The user
will be ignored.
+memoryUserDatabase.readOnly=User database has been configured to be read only.
Changes cannot be saved
memoryUserDatabase.renameOld=Cannot rename original file to {0}
memoryUserDatabase.renameNew=Cannot rename new file to {0}
memoryUserDatabase.writeException=IOException writing to {0}
-memoryUserDatabase.notPersistable=User database is not persistable - no write
permissions on directory
-memoryUserDatabase.readOnly=User database has been configured to be read only.
Changes cannot be saved
memoryUserDatabase.xmlFeatureEncoding=Exception configuring digester to permit
java encoding names in XML files. Only IANA encoding names will be supported.
Modified: tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java?rev=1058689&r1=1058688&r2=1058689&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java Thu Jan
13 17:55:55 2011
@@ -272,6 +272,12 @@ public class MemoryUserDatabase implemen
*/
public Group createGroup(String groupname, String description) {
+ if (groupname == null || groupname.length() == 0) {
+ String msg = sm.getString("memoryUserDatabase.nullGroup");
+ log.warn(msg);
+ throw new IllegalArgumentException(msg);
+ }
+
MemoryGroup group = new MemoryGroup(this, groupname, description);
synchronized (groups) {
groups.put(group.getGroupname(), group);
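Review bot: The new guard in createGroup rejects only null and zero-length names, so a whitespace-only name still reaches `groups.put(...)` as a key; if such names are not meant to be valid, `if (groupname == null || groupname.trim().length() == 0) {` would close the gap, and the same applies to the guards added in createRole and createUser. The method now throws IllegalArgumentException, but the Javadoc that closes just above the signature starts outside the hunk and is not visibly updated; a line such as `@throws IllegalArgumentException if groupname is null or zero length` would tell programmatic callers about the new contract. The message text says the group "will be ignored", which only holds on the XML loading path where the exception is suppressed; a direct caller gets an exception instead.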
@@ -289,6 +295,12 @@ public class MemoryUserDatabase implemen
*/
public Role createRole(String rolename, String description) {
+ if (rolename == null || rolename.length() == 0) {
+ String msg = sm.getString("memoryUserDatabase.nullRole");
+ log.warn(msg);
+ throw new IllegalArgumentException(msg);
+ }
+
MemoryRole role = new MemoryRole(this, rolename, description);
synchronized (roles) {
roles.put(role.getRolename(), role);
@@ -308,12 +320,17 @@ public class MemoryUserDatabase implemen
public User createUser(String username, String password,
String fullName) {
+ if (username == null || username.length() == 0) {
+ String msg = sm.getString("memoryUserDatabase.nullUser");
+ log.warn(msg);
+ throw new IllegalArgumentException(msg);
+ }
+
MemoryUser user = new MemoryUser(this, username, password, fullName);
synchronized (users) {
users.put(user.getUsername(), user);
}
return (user);
-
}
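Review bot: createUser validates only `username`; `password` is handed to `new MemoryUser(...)` unchecked, so an entry with a null or empty password is still created. Whether the realm later refuses to authenticate such a user is not visible in this hunk, so either reject it here or state the assumption next to the guard, for example `// password may be null/empty here; the realm must refuse to authenticate such users`. Rejecting outright could break existing user files, so a logged warning may be the safer first step. The method's Javadoc begins outside the hunk.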
@@ -399,13 +416,13 @@ public class MemoryUserDatabase implemen
}
digester.addFactoryCreate
("tomcat-users/group",
- new MemoryGroupCreationFactory(this));
+ new MemoryGroupCreationFactory(this), true);
digester.addFactoryCreate
("tomcat-users/role",
- new MemoryRoleCreationFactory(this));
+ new MemoryRoleCreationFactory(this), true);
digester.addFactoryCreate
("tomcat-users/user",
- new MemoryUserCreationFactory(this));
+ new MemoryUserCreationFactory(this), true);
// Parse the XML input file to load this database
try {
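Review bot: The `true` argument added to the three `addFactoryCreate` calls is unexplained, and if it is the ignore-create-exceptions flag it suppresses every exception the factories throw, not only the new IllegalArgumentException. An entry skipped at load is then absent from memory, and if a later save rewrites the file from the in-memory maps, that entry would be dropped from the user file permanently, including a user or role an administrator relies on. A comment such as `// true: skip elements whose factory throws (e.g. null/empty name) instead of aborting the load` would record the intent, and it is worth confirming that each skipped element is logged with enough detail to locate it in the file. The enclosing method starts and ends outside the hunk.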
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1058689&r1=1058688&r2=1058689&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Jan 13 17:55:55 2011
@@ -49,6 +49,11 @@
<code>stderr</code> internally so users retain the option to treat the
separately. (markt)
</fix>
+ <add>
+ <bug>18797</bug>: Provide protection against <code>null</code> or zero
+ length names being provided for users, roles and groups in the
+ <code>MemoryRealm</code> and <code>UserDatabaseRealm</code>. (markt)
+ </add>
<update>
Improve fix for <bug>50205</bug> to trigger an error earlier if invalid
configuration is used. (markt)