This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new e7812cfdb5 Fix NPE
e7812cfdb5 is described below
commit e7812cfdb5f33d3603684d8c45856ded9daa0db1
Author: remm <[email protected]>
AuthorDate: Tue Mar 17 15:02:59 2026 +0100
Fix NPE
Based on patch submitted by Shirsendu Mondal.
---
java/org/apache/catalina/servlets/WebdavServlet.java | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java
b/java/org/apache/catalina/servlets/WebdavServlet.java
index 3fb360f30f..3e8fd43e18 100644
--- a/java/org/apache/catalina/servlets/WebdavServlet.java
+++ b/java/org/apache/catalina/servlets/WebdavServlet.java
@@ -1888,6 +1888,9 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
String hrefPath = hrefUri.getPath();
+ if (hrefPath == null) {
+ return null;
+ }
// Avoid path traversals
if (!hrefPath.equals(RequestUtil.normalize(hrefPath))) {
@@ -2050,6 +2053,10 @@ public class WebdavServlet extends DefaultServlet
implements PeriodicEventListen
}
String destinationPath = destinationUri.getPath();
+ if (destinationPath == null) {
+ resp.sendError(WebdavStatus.SC_BAD_REQUEST);
+ return false;
+ }
// Destination isn't allowed to use '.' or '..' segments
if (!destinationPath.equals(RequestUtil.normalize(destinationPath))) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
