craigmcc    00/12/11 09:52:31

  Modified:    src/share/org/apache/tomcat/request Tag: tomcat_32
                        SimpleMapper1.java StaticInterceptor.java
  Log:
  Fix a security vulnerability that would display the contents of sensitive
  files when a URL like this was used:
  
        http://localhost:8080/examples//WEB-INF/web.xml
  
  This vulnerability appears on Linux (and any other OS that ignores "//" in
  the middle of a pathname), but not on Windows.
  
  Submitted by: Ramon Cacha <[EMAIL PROTECTED]>
  PR: BugRat Bug Report #565
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.15.2.4  +2 -2      
jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleMapper1.java
  
  Index: SimpleMapper1.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleMapper1.java,v
  retrieving revision 1.15.2.3
  retrieving revision 1.15.2.4
  diff -u -r1.15.2.3 -r1.15.2.4
  --- SimpleMapper1.java        2000/12/01 03:00:41     1.15.2.3
  +++ SimpleMapper1.java        2000/12/11 17:52:30     1.15.2.4
  @@ -343,8 +343,8 @@
               requestURI.substring(contextPath.length()).toUpperCase();
           if (relativePath.equals("/META-INF") ||
               relativePath.equals("/WEB-INF") ||
  -            relativePath.startsWith("/META-INF/") ||
  -            relativePath.startsWith("/WEB-INF/"))
  +            (relativePath.indexOf("/META-INF/") != 0) ||
  +            (relativePath.indexOf("/WEB-INF/") != 0))
               return 404;
   
        return OK;
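Review bot: The two replaced conditions are inverted: `indexOf(...) != 0` is true whenever the marker is not at offset 0, including the ordinary case where it is absent (indexOf returns -1), so after this change every request whose relative path does not begin with "/META-INF/" or "/WEB-INF/" answers 404, while a path that does begin with it only passes because the preceding startsWith clauses catch it. The intent stated in the log — to reject "//WEB-INF/" anywhere in the relative path — needs a containment test, i.e. `(relativePath.indexOf("/META-INF/") >= 0) ||` and `(relativePath.indexOf("/WEB-INF/") >= 0))`. The same inverted test appears in the StaticInterceptor.java hunk below, where it makes the interceptor return null for every non-sensitive path. The enclosing method starts before this hunk, so the origin of relativePath (the toUpperCase substring on the first context line) is only partly visible here.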
  
  
  
  1.7.2.5   +3 -1      
jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
  
  Index: StaticInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
  retrieving revision 1.7.2.4
  retrieving revision 1.7.2.5
  diff -u -r1.7.2.4 -r1.7.2.5
  --- StaticInterceptor.java    2000/11/07 22:52:52     1.7.2.4
  +++ StaticInterceptor.java    2000/12/11 17:52:30     1.7.2.5
  @@ -418,7 +418,9 @@
   
                String relPathU=relPath.toUpperCase();
                if ( relPathU.startsWith("WEB-INF") ||
  -                             relPathU.startsWith("META-INF")) {
  +                     relPathU.startsWith("META-INF") ||
  +                    (relPathU.indexOf("/WEB-INF/") != 0) ||
  +                    (relPathU.indexOf("/META-INF/") != 0) ) {
                        return null;
                }
        }
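Review bot: Beyond the inverted indexOf test (see the note on the SimpleMapper1.java hunk), this check is a substring blocklist applied to a path whose duplicate slashes have not been collapsed, which is the root cause named in the log ("//" ignored by the OS but not by the mapper). A more robust defence would be to normalize relPath first (collapse repeated "/" and resolve "." / ".." segments, rejecting anything that escapes the context root) and then apply the existing startsWith checks, so the comparison and the filesystem agree on what the path denotes; I would add a comment such as `// relPath may still contain "//" - the OS collapses it, so check the marker anywhere, not only at offset 0`. The enclosing method begins and ends outside this hunk, so whether such normalization already happens upstream cannot be confirmed from here.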
  
  
  
