This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8462f543c0 Avoid NPE
8462f543c0 is described below
commit 8462f543c04628e120879cf25d449d3f76abadcc
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 22 03:08:22 2026 +0100
Avoid NPE
---
java/org/apache/catalina/valves/rewrite/RewriteValve.java | 6 ++++++
webapps/docs/changelog.xml | 3 +++
2 files changed, 9 insertions(+)
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
index d0efa387b5..fcc45c2b7f 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
@@ -588,6 +588,12 @@ public class RewriteValve extends ValveBase {
// Decode then normalize
String urlStringRewriteDecoded =
URLDecoder.decode(urlStringRewriteEncoded, uriCharset);
urlStringRewriteDecoded =
RequestUtil.normalize(urlStringRewriteDecoded);
+ if (urlStringRewriteDecoded == null) {
+ // Assume bad input caused the re-write to try and
escape root
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+ }
+
request.getCoyoteRequest().decodedURI().setChars(MessageBytes.EMPTY_CHAR_ARRAY,
0, 0);
chunk =
request.getCoyoteRequest().decodedURI().getCharChunk();
if (context) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3880995a83..3a014548f5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,9 @@
Improve the performance of range validation for the default servlet.
(markt)
</fix>
+ <fix>
+ Avoid NPE in RewriteValve. (markt)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
