craigmcc 00/12/11 09:52:31 Modified: src/share/org/apache/tomcat/request Tag: tomcat_32 SimpleMapper1.java StaticInterceptor.java Log: Fix a security vulnerability that would display the contents of sensitive files when a URL like this was used: http://localhost:8080/examples//WEB-INF/web.xml This vulnerability appears on Linux (and any other OS that ignores "//" in the middle of a pathname), but not on Windows. Submitted by: Ramon Cacha <[EMAIL PROTECTED]> PR: BugRat Bug Report #565 Revision Changes Path No revision No revision 1.15.2.4 +2 -2 jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleMapper1.java
Index: SimpleMapper1.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleMapper1.java,v
retrieving revision 1.15.2.3
retrieving revision 1.15.2.4
diff -u -r1.15.2.3 -r1.15.2.4
--- SimpleMapper1.java 2000/12/01 03:00:41 1.15.2.3
+++ SimpleMapper1.java 2000/12/11 17:52:30 1.15.2.4
@@ -343,8 +343,8 @@
 requestURI.substring(contextPath.length()).toUpperCase();
 if (relativePath.equals("/META-INF") ||
 relativePath.equals("/WEB-INF") ||
- relativePath.startsWith("/META-INF/") ||
- relativePath.startsWith("/WEB-INF/"))
+ (relativePath.indexOf("/META-INF/") != 0) ||
+ (relativePath.indexOf("/WEB-INF/") != 0))
 return 404;
 return OK;
1.7.2.5 +3 -1 jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
Index: StaticInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
retrieving revision 1.7.2.4
retrieving revision 1.7.2.5
diff -u -r1.7.2.4 -r1.7.2.5
--- StaticInterceptor.java 2000/11/07 22:52:52 1.7.2.4
+++ StaticInterceptor.java 2000/12/11 17:52:30 1.7.2.5
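Review bot: The two added conditions in the SimpleMapper1 hunk invert the check instead of widening it: `indexOf("/META-INF/") != 0` is true for every relative path that does not begin with `/META-INF/` (indexOf yields -1 on no match), and since at most one of the two strings can sit at offset 0 the `||` is always true, so as far as the hunk shows this mapper now returns 404 for every request under the context rather than only for the protected directories. The intent stated in the log — rejecting the directory names wherever they occur in the URI, including after a doubled `/` — is `(relativePath.indexOf("/META-INF/") != -1) ||` and `(relativePath.indexOf("/WEB-INF/") != -1))`. The StaticInterceptor hunk below carries the same `!= 0` comparison on its added lines. A more durable fix is to collapse repeated separators and resolve `.`/`..` segments in the request path once, before this test, so the protection does not depend on matching literal string shapes; the enclosing method begins before the hunk.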
@@ -418,7 +418,9 @@
 String relPathU=relPath.toUpperCase();
 if ( relPathU.startsWith("WEB-INF") ||
- relPathU.startsWith("META-INF")) {
+ relPathU.startsWith("META-INF") ||
+ (relPathU.indexOf("/WEB-INF/") != 0) ||
+ (relPathU.indexOf("/META-INF/") != 0) ) {
 return null;
 }
 }
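Review bot: Nothing on the three added lines records why a substring test is needed beside the `startsWith` test just above it, and the same four-way `WEB-INF`/`META-INF` check is now written out separately here and in SimpleMapper1 with different path conventions (`relPathU` appears to carry no leading slash, judging by the existing `startsWith("WEB-INF")`, while the mapper's `relativePath` does), so the two copies can drift apart. A comment above the `if`, such as `// Also reject WEB-INF/META-INF reached through a doubled separator ("//WEB-INF/"), which the filesystem collapses on Linux (BugRat #565)`, would preserve the reason, and hoisting the check into one shared helper used by both interceptors would keep the rules identical. The enclosing method begins before the hunk.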