Greetings,

There is a bug in ByteChunk.indexOf which manifests itself
in the safe url parsing.  That is, BC.indexOf returns an
offset relative to the start of the byte buffer, rather
than the internal starting point.

So, when safe url checks for indexOf('%'), depending on the
length of the method name, a number of %'s at the beginning
of the URL may be missed.

So, the following URLs would be tagged as safe (currently):
GET /wannamak/%25%5C

A quick fix is to use indexOf("%"), which converts the
relevant part of the byte array to a string, so the offset
is correct.

However, I think that it would be better to correct BC.indexOf
in the following manner:

Index: ByteChunk.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/buf/ByteChun
k.java,v
retrieving revision 1.8
diff -u -r1.8 ByteChunk.java
--- ByteChunk.java      19 Jul 2001 05:49:02 -0000      1.8
+++ ByteChunk.java      5 Feb 2002 17:36:42 -0000
@@ -626,7 +626,8 @@
      * @param s the string
      */
     public int indexOf(char c, int starting) {
-       return indexOf( buff, start+starting, end, c);
+       int ret = indexOf( buff, start+starting, end, c);
+       return (ret >= start) ? ret - start : -1;
     }

     public static int  indexOf( byte bytes[], int off, int end, char qq )

I will commit this later today if I hear no objection.

Regards,
Keith


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to