Author: markt Date: Wed Jun 10 11:11:34 2009 New Revision: 783291 URL: http://svn.apache.org/viewvc?rev=783291&view=rev Log: Fix port for CVE-2008-5515. FileDirContext needs own normalize method as RequestUtil is not visible due to class loader structure
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java?rev=783291&r1=783290&r2=783291&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java Wed Jun 10 11:11:34 2009
@@ -37,7 +37,6 @@
 import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
 
-import org.apache.catalina.util.RequestUtil;
 import org.apache.naming.NamingContextBindingsEnumeration;
 import org.apache.naming.NamingContextEnumeration;
 import org.apache.naming.NamingEntry;
@@ -774,10 +773,58 @@
 */
 protected String normalize(String path) {
 
- return RequestUtil.normalize(path, File.separatorChar == '\\');
+ if (path == null)
+ return null;
+
+ // Create a place for the normalized path
+ String normalized = path;
+
+ if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+
+ if (normalized.equals("/."))
+ return "/";
+
+ // Add a leading "/" if necessary
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
+ }
+
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
 
 }
 
+
 /**
 * Return a File object representing the specified normalized
 * context-relative path if it exists and is readable. Otherwise,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
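Review bot: A path whose last segment is `..` or `.` passes through the new normalize() unchanged, because the three loops only match `//`, `/./` and `/../` (each needing a following slash) and the only end-of-path case handled is the exact string `/.`; for example `/foo/..` or `/..` would be returned as-is rather than collapsed or rejected with null. Whether that matters depends on the checks in the callers, which are outside this hunk, but a normalizer that backs a path-traversal fix should not rely on them. Before the loops I would add `if (normalized.endsWith("/.") || normalized.endsWith("/..")) normalized = normalized + "/";` and strip the appended slash again before returning when the result is longer than `/`. Since this method appears to be a local copy of the RequestUtil.normalize() call it replaces, a comment such as `// Local copy of RequestUtil.normalize(); keep in sync when that method is fixed` above the body would help future maintainers carry security fixes across.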