This is an automated email from the ASF dual-hosted git repository.

pgil pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 707434c229 Fixed: Fix infinite DOS redirection under windows 
environment
707434c229 is described below

commit 707434c22912e44b425eb5a1b649af1cc2916679
Author: Gil Portenseigne <[email protected]>
AuthorDate: Mon Jan 8 10:19:41 2024 +0100

    Fixed: Fix infinite DOS redirection under windows environment
    
    The previous fix, which prevents a user from bypassing webapp filter rules
    with the `..` notation, used the wrong class to normalize the URI.
    Under Windows, `Paths` replaces `/` with `\`, which the filter rules do not
    allow, so the request is redirected to `\main` endlessly.
---
 .../main/java/org/apache/ofbiz/webapp/control/ControlFilter.java | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index f1fe5cb7f3..f9e0bcea69 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -19,6 +19,8 @@
 package org.apache.ofbiz.webapp.control;
 
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.nio.file.Paths;
 import java.util.HashSet;
 import java.util.Set;
@@ -133,7 +135,12 @@ public class ControlFilter implements Filter {
             String requestUri = 
httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
 
             // normalize to remove ".." special name usage to bypass webapp 
filter
-            requestUri = Paths.get(requestUri).normalize().toString();
+            try {
+                requestUri = new URI(requestUri).normalize().toString();
+            } catch (URISyntaxException e) {
+                throw new RuntimeException(e);
+            }
+
             int offset = requestUri.indexOf("/", 1);
             if (offset == -1) {
                 offset = requestUri.length();
