The problem is this: if symlinks are allowed (allowLinking true) AND the link is between two files INSIDE the context path,
org.apache.naming.resources.FileDirContext returns null in the "file(..)" method.
I have asked before to understand whether this is OK or an error, but I haven't received any answer.
For me the problem is inside org.apache.naming.resources.FileDirContext.file( String name ). After testing whether canPath is inside the context path, there is a test (if caseSensitive is active) that checks whether canPath is equal to absPath (in this case they are different but inside the context path).

    // Check to see if going outside of the web application root
    if ((!allowLinking) && (!canPath.startsWith(absoluteBase))) {
        return null;
    }
    // Case sensitivity check
    if (caseSensitive) {
        String fileAbsPath = file.getAbsolutePath();
        if (fileAbsPath.endsWith("."))
            fileAbsPath = fileAbsPath + "/";
        String absPath = normalize(fileAbsPath);
        if (canPath != null)
            canPath = normalize(canPath);
        if ((absoluteBase.length() < absPath.length()) && (absoluteBase.length() < canPath.length())) {
            absPath = absPath.substring(absoluteBase.length() + 1);
            if ((canPath == null) || (absPath == null))
                return null;
            if (absPath.equals(""))
                absPath = "/";
            canPath = canPath.substring(absoluteBase.length() + 1);
            if (canPath.equals(""))
                canPath = "/";
-------------->>> if (!canPath.equals(absPath))
-------------->>>     return null;
        }
    }

Remy Maucherat wrote:
A new test milestone of Tomcat 4.1 has just been released. Please help test this upcoming Tomcat release for compliance issues and other
problems.
Downloads:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/test/v4.1.14/
Significant changes over 4.1.13 include a security manager bugfix. Over 4.1.12, Tomcat 4.1.14 includes bugfixes as well as performance
improvements.
The full list of changes is available in the release notes.
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/test/v4.1.14/RELEASE-NOTES
Remy
--
To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-dev-help@;jakarta.apache.org>
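
A self-contained reproduction of the behaviour described in the message above, as an added example that is not part of the original e-mail and not Tomcat's source. `lookup` is a hypothetical, simplified stand-in for `FileDirContext.file(..)` that compares the full canonical and absolute paths instead of the base-relative parts; the temp directory and file names are constructed, and the example assumes a filesystem on which the JVM may create symlinks.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: simplified stand-in for the quoted check, not Tomcat code.
public class SymlinkCaseCheckDemo {

    // Returns the File when it passes both checks, otherwise null.
    static File lookup(File base, String name, boolean allowLinking,
                       boolean caseSensitive) throws IOException {
        String absoluteBase = base.getCanonicalPath();
        File file = new File(base, name);
        if (!file.exists())
            return null;
        // getCanonicalPath() resolves symlinks; getAbsolutePath() does not.
        String canPath = file.getCanonicalPath();
        // Containment check: only enforced when linking is NOT allowed.
        if (!allowLinking && !canPath.startsWith(absoluteBase + File.separator))
            return null;
        // "Case sensitivity" check: any difference between the canonical and
        // the absolute path is rejected, including one caused by a symlink
        // whose target is still inside the base directory.
        if (caseSensitive) {
            String absPath = file.getAbsolutePath();
            if (!canPath.equals(absPath))
                return null;
        }
        return file;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: <tmp>/real.txt and <tmp>/link.txt -> real.txt
        // toRealPath() keeps the base itself free of symlinks (e.g. /tmp on macOS).
        Path root = Files.createTempDirectory("ctx").toRealPath();
        Files.write(root.resolve("real.txt"), "hello".getBytes());
        Files.createSymbolicLink(root.resolve("link.txt"), root.resolve("real.txt"));
        File base = root.toFile();

        System.out.println("real.txt, allowLinking=true,  caseSensitive=true : "
                + lookup(base, "real.txt", true, true));
        System.out.println("link.txt, allowLinking=true,  caseSensitive=true : "
                + lookup(base, "link.txt", true, true));
        System.out.println("link.txt, allowLinking=true,  caseSensitive=false: "
                + lookup(base, "link.txt", true, false));
        System.out.println("link.txt, allowLinking=false, caseSensitive=true : "
                + lookup(base, "link.txt", false, true));
    }
}
```

With both flags on, the symlink lookup passes the containment step and is then rejected by the canonical-versus-absolute comparison, which is the null return the message reports.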