This patch fixes a Tomcat 3.2.1 security problem that Yoshiyuki Karezaki
(cf. BugRat Report #513) and Robert Ellis (cf. "Tomcat 3.2.1 JSP
Source Disclosure") reported.
At the same time, this patch fixes the bug Mark Brouwer reported
(cf. "[BUG] getProtocol() method on ServletRequest includes CRLF
causing problems").
Kazuhiro Kazama ([EMAIL PROTECTED]) NTT Network Innovation Laboratories
--- src/org/apache/tomcat/service/http/HttpRequestAdapter.java.orig Wed Dec 13
06:37:14 2000
+++ src/org/apache/tomcat/service/http/HttpRequestAdapter.java Wed Dec 20 15:54:56
+2000
@@ -303,7 +303,9 @@
private final int skipSpaces() {
while (off < count) {
if ((buf[off] != (byte) ' ')
- && (buf[off] != (byte) '\t')) {
+ && (buf[off] != (byte) '\t')
+ && (buf[off] != (byte) '\r')
+ && (buf[off] != (byte) '\n')) {
return off;
}
off++;
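Review bot: skipSpaces() now treats '\r' and '\n' as skippable whitespace with no comment explaining why; since this method advances `off` past every such byte, a caller that reaches a line terminator will now run straight across it into the following line instead of stopping at end-of-line, so please document that this is intended for the request line only and that end-of-line detection is handled elsewhere. The four-way byte comparison is also duplicated (with the polarity flipped) in findSpace() in the next hunk; factoring it into one shared predicate, e.g. `isSeparator(buf[off])`, would keep the two definitions from drifting apart again, which is exactly the kind of inconsistency this fix is closing.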
@@ -316,7 +318,9 @@
private int findSpace() {
while (off < count) {
if ((buf[off] == (byte) ' ')
- || (buf[off] == (byte) '\t')) {
+ || (buf[off] == (byte) '\t')
+ || (buf[off] == (byte) '\r')
+ || (buf[off] == (byte) '\n')) {
return off;
}
off++;
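Review bot: findSpace() now returns the offset of a '\r' or '\n' as a token terminator, which changes what callers receive: a token that previously ran to the end of the buffer (signalled by a negative return, see the `endProto < 0` handling in the following hunk) now ends at the CR or LF. That is the right behaviour for the protocol token, but any caller that used the returned offset to locate the next token should be checked, because the byte at that offset is now sometimes a line terminator rather than a space or tab. As with the previous hunk, the separator test should share one predicate with skipSpaces() rather than repeating the list of bytes.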
@@ -369,9 +373,8 @@
method= new String( buf, startMethod, endMethod - startMethod );
- if( endReq < 0 ) {
+ if( startProto < 0 ) {
protocol=null;
- endReq=count;
} else {
if( endProto < 0 ) endProto = count;
protocol=new String( buf, startProto, endProto-startProto );
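Review bot: the branch condition changes from `endReq < 0` to `startProto < 0` and the assignment `endReq=count;` is dropped, but nothing in the visible lines shows where endReq is set when no protocol token is present. Please confirm that the code preceding this hunk always assigns endReq before `method` and the request URI are built from it, otherwise a request line consisting of only a method and URI (the case `startProto < 0` now stands for) could leave endReq at its initial value. A one-line comment stating that `startProto < 0` means "request line carried no protocol token" would make the new condition self-explanatory, and the commit message should mention that this hunk is what addresses the getProtocol() CRLF report, since that link is not obvious from the diff alone.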