Author: markt
Date: Fri Aug 11 07:06:46 2017
New Revision: 1804754

URL: http://svn.apache.org/viewvc?rev=1804754&view=rev
Log:
Now CVE-2017-7675 is public, make the comment more specific

Modified:
    tomcat/trunk/java/org/apache/coyote/http2/Stream.java

Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1804754&r1=1804753&r2=1804754&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Fri Aug 11 07:06:46 
2017
@@ -313,8 +313,10 @@ class Stream extends AbstractStream impl
                 String query = value.substring(queryStart + 1);
                 coyoteRequest.queryString().setString(query);
             }
-            // Bug 61120. Set the URI as bytes rather than String so any path
-            // parameters are correctly processed
+            // Bug 61120. Set the URI as bytes rather than String so:
+            // - any path parameters are correctly processed
+            // - the normalization security checks are performed that prevent
+            //   directory traversal attacks
             byte[] uriBytes = uri.getBytes(StandardCharsets.ISO_8859_1);
             coyoteRequest.requestURI().setBytes(uriBytes, 0, uriBytes.length);
             break;
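Review bot: The expanded comment still cites only "Bug 61120", while the log message says the reason for the change is that CVE-2017-7675 is now public. Put the CVE id in the comment itself (for example "// Bug 61120 / CVE-2017-7675. Set the URI as bytes rather than String so:") so a search of the source for the CVE lands on this line. Since the comment now states that the normalization checks depend on the URI being set via setBytes rather than as a String, it would also help to say explicitly that the call must not be changed back to the String form, because the two lines after the comment give no other hint that they are security relevant.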


