+1
Amy
----- Original Message -----
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 09, 2001 12:49 PM
Subject: [VOTE] Tomcat 4.0-beta-7 Release Tonight ?
> Just fixed this security vulnerability in 4.0 (3.2.3 isn't vulnerable, at
> least on Win98, but I didn't check 3.3). Therefore, I would propose to do
> a Beta 7 release tonight that picks up this change (and other bugfixes
> since Beta 6).
>
> Thanks to [EMAIL PROTECTED] for the report.
>
> Craig McClanahan
>
>
> ---------- Forwarded message ----------
> Date: 9 Aug 2001 19:43:00 -0000
> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http HttpProcessor.java
>
> craigmcc 01/08/09 12:43:00
>
> Modified: catalina/src/share/org/apache/catalina/connector/http
> HttpProcessor.java
> Log:
> Make request URIs that contain "/..." (or any longer series of periods)
> invalid. On some (all?) Windows platforms, this causes the OS to walk the
> directory tree just like "../../.." type sequences do.
>
> PR: Bugzilla #3062
> Submitted by: [EMAIL PROTECTED]
>
> Revision Changes Path
> 1.35 +9 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java
>
> Index: HttpProcessor.java
> ===================================================================
> RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
> retrieving revision 1.34
> retrieving revision 1.35
> diff -u -r1.34 -r1.35
> --- HttpProcessor.java 2001/07/26 05:31:05 1.34
> +++ HttpProcessor.java 2001/08/09 19:43:00 1.35
> @@ -1,6 +1,6 @@
> -/* * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connecto
r/http/HttpProcessor.java,v 1.34 2001/07/26 05:31:05 remm Exp $
> - * $Revision: 1.34 $
> - * $Date: 2001/07/26 05:31:05 $
> +/* * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connecto
r/http/HttpProcessor.java,v 1.35 2001/08/09 19:43:00 craigmcc Exp $
> + * $Revision: 1.35 $
> + * $Date: 2001/08/09 19:43:00 $
> *
> * ====================================================================
> *
> @@ -106,7 +106,7 @@
> *
> * @author Craig R. McClanahan
> * @author Remy Maucherat
> - * @version $Revision: 1.34 $ $Date: 2001/07/26 05:31:05 $
> + * @version $Revision: 1.35 $ $Date: 2001/08/09 19:43:00 $
> */
>
> final class HttpProcessor
> @@ -879,6 +879,11 @@
> normalized = normalized.substring(0, index2) +
> normalized.substring(index + 3);
> }
> +
> + // Declare occurrences of "/..." (three or more dots) to be
invalid
> + // (on some Windows platforms this walks the directory tree!!!)
> + if (normalized.indexOf("/...") >= 0)
> + return (null);
>
> // Return the normalized path that we have completed
> return (normalized);
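Review bot: the new check `normalized.indexOf("/...") >= 0` only matches three or more dots that directly follow a slash, so a segment with dots appended to a name (e.g. "a...") still passes, while the log message promises to reject "any longer series of periods"; either narrow the comment to say the check covers segment-leading dots only, or iterate over the path segments and reject any segment that consists of or ends with "...". The placement is right: it runs after the ".." collapsing code and just before `return (normalized);`, so it sees the fully normalized string. Two smaller points: replace the "!!!" in the comment with the PR reference from the log (Bugzilla #3062) so future readers can find the rationale, and add a unit test asserting that "/...", "/..../" and "/a/.../b" all yield null from this method so the behaviour does not regress silently.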
>
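The check committed above is easier to reason about next to a complete normalizer. The following Python function is an added illustration, not Tomcat's code: it decodes the request path once, collapses "." and ".." segments, refuses to climb above the root, and then applies the same "/..." rejection the patch adds. The decode-before-normalize order and the root-climb refusal are assumptions of this example; the final `"/..." in normalized` test mirrors `indexOf("/...")` exactly, including its behaviour of letting dots appended to a segment name through.

```python
"""Request-URI normalizer modelled on the Tomcat 4.0 HttpProcessor change.

Constructed example for illustration; it is not the project's code.
"""

from urllib.parse import unquote


def normalize(uri: str):
    """Return the normalized path for `uri`, or None when the URI is invalid.

    Steps (assumptions of this example, in the order a server should apply them):
      1. percent-decode once, so encoded dots and slashes cannot hide from the
         later checks (Tomcat's own ordering is not shown in the patch)
      2. drop empty and "." segments (collapses "//" and "/./")
      3. resolve ".." against the preceding segment; refuse to climb above "/"
      4. reject any remaining "/..." sequence, as the committed check does
    """
    if not uri.startswith("/"):
        return None
    path = unquote(uri)
    if "\0" in path:            # embedded NUL would truncate a C-level path
        return None

    segments = []
    for seg in path.split("/")[1:]:
        if seg in ("", "."):
            continue            # "//" and "/./" contribute nothing
        if seg == "..":
            if not segments:
                return None     # ".." with nothing left to pop: above the root
            segments.pop()
            continue
        segments.append(seg)

    normalized = "/" + "/".join(segments)
    # keep a trailing slash the client sent, unless we collapsed to the root
    if uri.endswith("/") and normalized != "/":
        normalized += "/"

    # The check from the patch: "/..." (three or more dots right after a
    # slash) is declared invalid because some Windows platforms treat it
    # like "../.." and walk up the directory tree.
    if "/..." in normalized:
        return None
    return normalized


if __name__ == "__main__":
    # constructed sample request paths and the verdict a caller would see
    for sample in ["/a/./b/../c", "/a/.../b", "/a/..../", "/%2e%2e/a", "/a.../b"]:
        print(f"{sample!r:20} -> {normalize(sample)!r}")
```

Returning `None` rather than raising keeps the contract the patch uses (`return (null)`), so a caller treats any `None` as a request to reject with an error status rather than attempting a file lookup.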