larryi 2003/01/25 19:06:43 Modified: src/share/org/apache/tomcat/modules/mappers DecodeInterceptor.java Log: Treat the presence of null characters in the URL path as unsafe. Revision Changes Path 1.19 +4 -0 jakarta-tomcat/src/share/org/apache/tomcat/modules/mappers/DecodeInterceptor.java Index: DecodeInterceptor.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/mappers/DecodeInterceptor.java,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- DecodeInterceptor.java 14 Oct 2002 05:20:17 -0000 1.18 +++ DecodeInterceptor.java 26 Jan 2003 03:06:43 -0000 1.19 @@ -442,6 +442,10 @@ if( pathMB.indexOfIgnoreCase("%5C",start) >= 0 ) return false; } + if (pathMB.indexOf('\0') >= 0) + { + return false; + } return true; }
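Review bot: The added `pathMB.indexOf('\0') >= 0` test matches only a literal NUL byte, while the context line just above it tests for the percent-encoded form `%5C`, which suggests the path may still be encoded at this point in the method. If that is the case, a request path carrying `%00` would not be caught by this check, so either confirm that this runs on the decoded path or add a matching test for the encoded form alongside the existing `indexOfIgnoreCase` checks. A short comment stating why NUL is rejected would also help, and the brace on its own line differs from the `if( ... )` style of the surrounding code.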