Author: markt
Date: Wed Jun 10 11:15:02 2009
New Revision: 783292

URL: http://svn.apache.org/viewvc?rev=783292&view=rev
Log:
Fix port for CVE-2008-5515.
FileDirContext needs its own normalize method because RequestUtil is not visible 
to it due to the class loader structure

Modified:
    
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java

Modified: 
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java?rev=783292&r1=783291&r2=783292&view=diff
==============================================================================
--- 
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
 (original)
+++ 
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/naming/resources/FileDirContext.java
 Wed Jun 10 11:15:02 2009
@@ -36,7 +36,6 @@
 import javax.naming.directory.ModificationItem;
 import javax.naming.directory.SearchControls;
 
-import org.apache.catalina.util.RequestUtil;
 import org.apache.naming.NamingEntry;
 import org.apache.naming.NamingContextBindingsEnumeration;
 import org.apache.naming.NamingContextEnumeration;
@@ -771,7 +770,56 @@
      * @param path Path to be normalized
      */
     protected String normalize(String path) {
-        return RequestUtil.normalize(path, File.separatorChar == '\\');
+
+        if (path == null)
+            return null;
+
+        // Create a place for the normalized path
+        String normalized = path;
+
+        if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0)
+            normalized = normalized.replace('\\', '/');
+
+        if (normalized.equals("/."))
+            return "/";
+
+        // Add a leading "/" if necessary
+        if (!normalized.startsWith("/"))
+            normalized = "/" + normalized;
+
+        // Resolve occurrences of "//" in the normalized path
+        while (true) {
+            int index = normalized.indexOf("//");
+            if (index < 0)
+                break;
+            normalized = normalized.substring(0, index) +
+                normalized.substring(index + 1);
+        }
+
+        // Resolve occurrences of "/./" in the normalized path
+        while (true) {
+            int index = normalized.indexOf("/./");
+            if (index < 0)
+                break;
+            normalized = normalized.substring(0, index) +
+                normalized.substring(index + 2);
+        }
+
+        // Resolve occurrences of "/../" in the normalized path
+        while (true) {
+            int index = normalized.indexOf("/../");
+            if (index < 0)
+                break;
+            if (index == 0)
+                return (null);  // Trying to go outside our context
+            int index2 = normalized.lastIndexOf('/', index - 1);
+            normalized = normalized.substring(0, index2) +
+                normalized.substring(index + 3);
+        }
+
+        // Return the normalized path that we have completed
+        return (normalized);
+
     }
 
 
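Review bot: A path ending in `/..` or `/.` passes through the new normalize() untouched, because the loops only match `//`, `/./` and `/../`, and the single end-of-string case is the exact string `/.`, checked before the leading slash is added. `/..` and `/a/..` are therefore returned as-is instead of being rejected with null or collapsed the way `/../` is, so rejecting such names depends entirely on whatever check the caller applies to the resulting File, which this hunk does not show. Before the loops, append a slash when needed, `if (normalized.endsWith("/.") || normalized.endsWith("/..")) normalized = normalized + "/";`, and strip that added slash again before the final return. The Javadoc above the method starts outside the hunk; it should state that null is returned when the path would climb above the context root.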


