DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15795>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15795 Request with mailformed URL causes NullPointerException ------- Additional Comments From [EMAIL PROTECTED] 2003-03-29 18:49 ------- I received this on 4.1.24 as well. The problems comes from the fact that getRelativePath() called in serveResource () returns null (as it should) to indicate that the path is not valid since it attempts to go outside the "boundaries of the current context" as documented inthe normalize() method. But the return value is not examined and an or an exceptional course taken before it is passed to the constructor of the ResourceInfo. Since these "invalid" URL paths are sourced from viruses or hackers, I would think tomcat should respond by logging these and not by throwing a NullPointerException. Here's my log with some additional debugging turned on: 2003-03-29 08:39:01 StandardHost[localhost]: Mapping request URI '/scripts/../../winnt/system32/cmd.exe' 2003-03-29 08:39:01 StandardHost[localhost]: Trying the longest context path prefix 2003-03-29 08:39:01 StandardHost[localhost]: Mapped to context '' 2003-03-29 08:39:01 default: DefaultServlet.serveResource: Serving resource 'null' headers and data 2003-03-29 08:39:01 StandardWrapperValve[default]: Servlet.service() for servlet default threw exception java.lang.NullPointerException at java.io.File.<init>(File.java:258) at org.apache.naming.resources.FileDirContext.file (FileDirContext.java:880) at org.apache.naming.resources.FileDirContext.getAttributes (FileDirContext.java:487) at org.apache.naming.resources.BaseDirContext.getAttributes (BaseDirContext.java:797) at org.apache.naming.resources.ProxyDirContext.cacheLoad (ProxyDirContext.java:1491) at org.apache.naming.resources.ProxyDirContext.cacheLookup (ProxyDirContext.java:1412) at org.apache.naming.resources.ProxyDirContext.lookup (ProxyDirContext.java:300) at org.apache.catalina.servlets.DefaultServlet$ResourceInfo.set (DefaultServlet.java:2267) at org.apache.catalina.servlets.DefaultServlet$ResourceInfo.<init> (DefaultServlet.java:2219) at org.apache.catalina.servlets.DefaultServlet.serveResource (DefaultServlet.java:921) at org.apache.catalina.servlets.DefaultServlet.doGet (DefaultServlet.java:506) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNe xt(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke (ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNe xt(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke (ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke (StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNe xt(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke (ErrorDispatcherValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNe xt(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNe xt(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke (ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNe xt(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke (StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke (ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service (CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process (Http11Processor.java:594) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnecti on(Http11Protocol.java:392) at org.apache.tomcat.util.net.TcpWorkerThread.runIt (PoolTcpEndpoint.java:565) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run (ThreadPool.java:619) at java.lang.Thread.run(Thread.java:479) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]