svn commit: r1653472 - in /tomcat/tc8.0.x/trunk: ./ conf/catalina.properties java/org/apache/catalina/startup/Bootstrap.java test/org/apache/catalina/startup/TestBootstrap.java webapps/docs/changelog.xml

Wed, 21 Jan 2015 02:13:10 -0800 

Author: markt
Date: Wed Jan 21 10:12:27 2015
New Revision: 1653472

URL: http://svn.apache.org/r1653472
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57455
Add a note that " may not appear in a path value and throw an IAE if once does.

Modified:
    tomcat/tc8.0.x/trunk/   (props changed)
    tomcat/tc8.0.x/trunk/conf/catalina.properties
    tomcat/tc8.0.x/trunk/java/org/apache/catalina/startup/Bootstrap.java
    tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/TestBootstrap.java
    tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jan 21 10:12:27 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471

Modified: tomcat/tc8.0.x/trunk/conf/catalina.properties
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/conf/catalina.properties?rev=1653472&r1=1653471&r2=1653472&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/conf/catalina.properties (original)
+++ tomcat/tc8.0.x/trunk/conf/catalina.properties Wed Jan 21 10:12:27 2015
@@ -48,6 +48,8 @@ org.apache.jasper.,org.apache.naming.,or
 #
 # Note: Values are enclosed in double quotes ("...") in case either the
 #       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
 
common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar"
 
 #
@@ -61,6 +63,11 @@ common.loader="${catalina.base}/lib","${
 #     "foo/*.jar": Add all the JARs of the specified folder as class
 #                  repositories
 #     "foo/bar.jar": Add bar.jar as a class repository
+#
+# Note: Values may be enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
 server.loader=
 
 #
@@ -75,6 +82,11 @@ server.loader=
 #     "foo/bar.jar": Add bar.jar as a class repository
 # Please note that for single jars, e.g. bar.jar, you need the URL form
 # starting with file:.
+#
+# Note: Values may be enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
 shared.loader=
 
 # Default list of JAR files that should not be scanned using the JarScanner

Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/startup/Bootstrap.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/startup/Bootstrap.java?rev=1653472&r1=1653471&r2=1653472&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/catalina/startup/Bootstrap.java 
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/startup/Bootstrap.java Wed 
Jan 21 10:12:27 2015
@@ -568,14 +568,28 @@ public final class Bootstrap {
             String path = value.substring(matcher.start(), matcher.end());
 
             path = path.trim();
+            if (path.length() == 0) {
+                continue;
+            }
+
+            char first = path.charAt(0);
+            char last = path.charAt(path.length() - 1);
 
-            if (path.startsWith("\"") && path.length() > 1) {
+            if (first == '"' && last == '"' && path.length() > 1) {
                 path = path.substring(1, path.length() - 1);
                 path = path.trim();
-            }
-
-            if (path.length() == 0) {
-                continue;
+                if (path.length() == 0) {
+                    continue;
+                }
+            } else if (path.contains("\"")) {
+                // Unbalanced quotes
+                // Too early to use standard i18n support. The class path 
hasn't
+                // been configured.
+                throw new IllegalArgumentException(
+                        "The double quote [\"] character only be used to quote 
paths. It must " +
+                        "not appear in a path. This loader path is not valid: 
[" + value + "]");
+            } else {
+                // Not quoted - NO-OP
             }
 
             result.add(path);

Modified: 
tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/TestBootstrap.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/TestBootstrap.java?rev=1653472&r1=1653471&r2=1653472&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/TestBootstrap.java 
(original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/TestBootstrap.java 
Wed Jan 21 10:12:27 2015
@@ -113,6 +113,66 @@ public class TestBootstrap {
         doTest("aaa,\"bbb,\"", "aaa", "bbb,");
     }
 
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes01() {
+        doTest("\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes02() {
+        doTest("\"aaa", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes03() {
+        doTest("aaa\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes04() {
+        doTest("a\"a", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes05() {
+        doTest("b,\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes06() {
+        doTest("b,\"aaa", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes07() {
+        doTest("b,aaa\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes08() {
+        doTest("b,a\"a", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes09() {
+        doTest("\",b", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes10() {
+        doTest("\"aaa,b", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes11() {
+        doTest("aaa\",b", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes12() {
+        doTest("a\"a,b", "ignored");
+    }
+
     private void doTest(String input, String... expected) {
         String[] result = Bootstrap.getPaths(input);
 

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1653472&r1=1653471&r2=1653472&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Wed Jan 21 10:12:27 2015
@@ -63,6 +63,11 @@
         (markt)
       </fix>
       <fix>
+        <bug>57455</bug>: Explicitly block the use of the double-quote 
character
+        when configuring the common, server and shared class loaders since
+        double-quote is used to quote values that contain commas. (markt)
+      </fix>
+      <fix>
         <bug>57461</bug>: When an instance of
         <code>org.apache.catalina.startup.VersionLoggerListener</code> logs the
         result of <code>System.getProperty("java.home")</code> don't report it



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to