nacho 00/12/20 08:17:43
Modified: src/share/org/apache/tomcat/service/http Tag: tomcat_32
HttpRequestAdapter.java
Log:
BugReport#513 Anonymous
(Security)Problem accessing via HTTP without protocol
BugReport#619 Robert Ellis ( [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> )
JSP Source Disclosure
BugReport#620 Mark Brouwer ( [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
)
getProtocol() method on ServletRequest includes CRLF causing problems
Submitted by Kazuhiro Kazama [[EMAIL PROTECTED]]
PS: More patches like this please, 3 Bad Boys with only 1 bullet :-)
Revision Changes Path
No revision
No revision
1.16.2.4 +7 -4
jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpRequestAdapter.java
Index: HttpRequestAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/Attic/HttpRequestAdapter.java,v
retrieving revision 1.16.2.3
retrieving revision 1.16.2.4
diff -u -r1.16.2.3 -r1.16.2.4
--- HttpRequestAdapter.java 2000/11/10 02:48:40 1.16.2.3
+++ HttpRequestAdapter.java 2000/12/20 16:17:41 1.16.2.4
@@ -303,7 +303,9 @@
private final int skipSpaces() {
while (off < count) {
if ((buf[off] != (byte) ' ')
- && (buf[off] != (byte) '\t')) {
+ && (buf[off] != (byte) '\t')
+ && (buf[off] != (byte) '\r')
+ && (buf[off] != (byte) '\n')) {
return off;
}
off++;
@@ -316,7 +318,9 @@
private int findSpace() {
while (off < count) {
if ((buf[off] == (byte) ' ')
- || (buf[off] == (byte) '\t')) {
+ || (buf[off] == (byte) '\t')
+ || (buf[off] == (byte) '\r')
+ || (buf[off] == (byte) '\n')) {
return off;
}
off++;
@@ -369,9 +373,8 @@
method= new String( buf, startMethod, endMethod - startMethod );
- if( endReq < 0 ) {
+ if( startProto < 0 ) {
protocol=null;
- endReq=count;
} else {
if( endProto < 0 ) endProto = count;
protocol=new String( buf, startProto, endProto-startProto );
