craigmcc 00/11/17 16:09:44
Modified: src/etc Tag: tomcat_32 server.xml
src/share/org/apache/tomcat/core Tag: tomcat_32 Context.java
src/share/org/apache/tomcat/facade Tag: tomcat_32
ServletContextFacade.java
Log:
Implement a configuration option to disable ServletContext.getContext()
from returning the ServletContext for a different web application,
possibly allowing a malicious webapp to bypass security constraints. This
is in accordance with the JavaDoc comments for this method, which state:
"In a security conscious environment, the servlet
container may return null for a given URL."
The default setting allows access to other contexts, because this was the
previous behavior (and is the default behavior in Tomcat 4.0 at the
moment as well).
Revision Changes Path
No revision
No revision
1.29.2.9 +4 -1 jakarta-tomcat/src/etc/server.xml
Index: server.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
retrieving revision 1.29.2.8
retrieving revision 1.29.2.9
diff -u -r1.29.2.8 -r1.29.2.9
--- server.xml 2000/11/07 22:52:38 1.29.2.8
+++ server.xml 2000/11/18 00:09:42 1.29.2.9
@@ -264,7 +264,8 @@
Defaults are: debug=0, reloadable=true, trusted=false
(trusted allows you to access tomcat internal objects
- with FacadeManager )
+ with FacadeManager ), crossContext=true (allows you to
+ access other contexts via ServletContext.getContext())
If security manager is enabled, you'll have read perms.
in the webapps dir and read/write in the workdir.
@@ -272,6 +273,7 @@
<Context path="/examples"
docBase="webapps/examples"
+ crossContext="false"
debug="0"
reloadable="true" >
</Context>
@@ -286,6 +288,7 @@
-->
<Context path="/admin"
docBase="webapps/admin"
+ crossContext="true"
debug="0"
reloadable="true"
trusted="false" >
No revision
No revision
1.100.2.4 +12 -1 jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java
Index: Context.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java,v
retrieving revision 1.100.2.3
retrieving revision 1.100.2.4
diff -u -r1.100.2.3 -r1.100.2.4
--- Context.java 2000/10/11 00:24:44 1.100.2.3
+++ Context.java 2000/11/18 00:09:42 1.100.2.4
@@ -111,7 +111,7 @@
// internal state / related objects
private ContextManager contextM;
private ServletContext contextFacade;
-
+ private boolean crossContext = true;
private ServletLoader servletL;
boolean reloadable=true; // XXX change default to false after testing
@@ -194,6 +194,14 @@
contextM=cm;
}
+ public boolean getCrossContext() {
+ return (this.crossContext);
+ }
+
+ public void setCrossContext(boolean crossContext) {
+ this.crossContext = crossContext;
+ }
+
public FacadeManager getFacadeManager() {
if( facadeM==null ) {
/* XXX make it configurable
@@ -726,6 +734,9 @@
// if we can't return a servlet, so it's more probable
// servlets will check for null than IllegalArgument
}
+ // Return null if cross context lookups are not allowed
+ if (!crossContext)
+ return null;
// absolute path
Request lr=contextM.createRequest( path );
if( vhost != null ) lr.setServerName( vhost );
No revision
No revision
1.3.2.2 +4 -1
jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/ServletContextFacade.java
Index: ServletContextFacade.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/ServletContextFacade.java,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -r1.3.2.1 -r1.3.2.2
--- ServletContextFacade.java 2000/11/10 06:42:49 1.3.2.1
+++ ServletContextFacade.java 2000/11/18 00:09:44 1.3.2.2
@@ -97,7 +97,10 @@
// -------------------- Public facade methods --------------------
public ServletContext getContext(String path) {
Context target=context.getContext(path);
- return target.getFacade();
+ if (target != null)
+ return target.getFacade();
+ else
+ return null;
}
