amyroh 2003/12/08 16:50:58
Modified: catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Strip out uri parameters (";*") during filter mappings or security constraints
matching - bugtraq 4903209.
Revision Changes Path
1.18 +16 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Index: RealmBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- RealmBase.java 2 Sep 2003 21:22:05 -0000 1.17
+++ RealmBase.java 9 Dec 2003 00:50:58 -0000 1.18
@@ -460,6 +460,18 @@
String contextPath = hreq.getContextPath();
if (contextPath.length() > 0)
uri = uri.substring(contextPath.length());
+
+ if (uri != null) {
+ int semicolon = uri.indexOf(";");
+ if (semicolon >= 0) {
+ String baseuri = uri.substring(0, semicolon);
+ if (debug >= 2)
+ log("Request uri '" + uri + "' treated as '" + baseuri +
+ "' for security constraint matching.");
+ uri = baseuri;
+ }
+ }
+
String method = hreq.getMethod();
for (int i = 0; i < constraints.length; i++) {
if (log.isDebugEnabled())
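Review bot: The added block cuts `uri` at the first `;` (`uri.substring(0, semicolon)`), so any path segments that follow the parameter are dropped from the security-constraint match as well. Path parameters can be attached to any segment, so the path checked against the constraints may be shorter than the path that is actually mapped to a servlet; whether the mapper truncates the same way is not visible in this hunk and should be confirmed. I would remove the `;…` part of each segment up to the next `/`, as sketched below, and keep the debug log. Separately, the `uri != null` test comes after `uri.substring(contextPath.length())` has already dereferenced `uri`, so it only protects the empty-context-path case. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: context path removal …
if (uri != null && uri.indexOf(';') >= 0) {
    // Drop ";param" from every segment instead of truncating at the first ';'
    StringBuffer stripped = new StringBuffer(uri.length());
    int pos = 0;
    while (pos < uri.length()) {
        int semicolon = uri.indexOf(';', pos);
        if (semicolon < 0) {
            stripped.append(uri.substring(pos));
            break;
        }
        stripped.append(uri.substring(pos, semicolon));
        int slash = uri.indexOf('/', semicolon);
        if (slash < 0)
            break;
        pos = slash;
    }
    // … unchanged: debug log of the original and the stripped uri …
    uri = stripped.toString();
}
// … unchanged: method lookup and constraint loop …
```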