larryi      01/09/14 18:31:32

  Modified:    src/share/org/apache/tomcat/util/buf DateTool.java
  Log:
  Minimize vulnerability from SimpleDateFormat's non-thread safety.
  
  Submitted by: Bill Barker <[EMAIL PROTECTED]>
  
  Revision  Changes    Path
  1.7       +22 -22    
jakarta-tomcat/src/share/org/apache/tomcat/util/buf/DateTool.java
  
  Index: DateTool.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/buf/DateTool.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- DateTool.java     2001/08/24 08:02:35     1.6
  +++ DateTool.java     2001/09/15 01:31:32     1.7
  @@ -88,15 +88,15 @@
   
       /** format for RFC 1123 date string -- "Sun, 06 Nov 1994 08:49:37 GMT"
        */
  -    private final static String RFC1123_PATTERN =
  +    public final static String RFC1123_PATTERN =
           "EEE, dd MMM yyyy HH:mm:ss z";
   
       // format for RFC 1036 date string -- "Sunday, 06-Nov-94 08:49:37 GMT"
  -    private final static String rfc1036Pattern =
  +    public final static String rfc1036Pattern =
           "EEEEEEEEE, dd-MMM-yy HH:mm:ss z";
   
       // format for C asctime() date string -- "Sun Nov  6 08:49:37 1994"
  -    private final static String asctimePattern =
  +    public final static String asctimePattern =
           "EEE MMM d HH:mm:ss yyyy";
   
       /** Pattern used for old cookies
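Review bot: `rfc1036Pattern` and `asctimePattern` become public here but are still documented with `//` comments, so unlike `RFC1123_PATTERN` they will not appear in the generated API documentation. The hunk gives no reason for the wider visibility; presumably callers are meant to build their own `DateFormat` instances from these patterns, and the comments should say so. I would turn them into Javadoc, e.g. `/** format for RFC 1036 date string -- "Sunday, 06-Nov-94 08:49:37 GMT" */`, and note that `SimpleDateFormat` objects built from them must not be shared between threads. The mixed naming (`RFC1123_PATTERN` next to `rfc1036Pattern`) is also harder to change once the names are public.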
  @@ -157,13 +157,19 @@
       public static void formatOldCookie( Date d, StringBuffer sb,
                                          FieldPosition fp )
       {
  -     oldCookieFormat.format( d, sb, fp );
  +     synchronized(oldCookieFormat) {
  +         oldCookieFormat.format( d, sb, fp );
  +     }
       }
   
       // Called from ServerCookie
       public static String formatOldCookie( Date d )
       {
  -     return oldCookieFormat.format( d );
  +     String ocf=null;
  +     synchronized(oldCookieFormat) {
  +         ocf= oldCookieFormat.format( d );
  +     }
  +     return ocf;
       }
   
       
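Review bot: Locking on `oldCookieFormat` in both `formatOldCookie` overloads only helps if every other use of that object takes the same monitor, and nothing in the code says so. The field's declaration and visibility are outside this hunk, so a comment at the lock site would help, e.g. `// SimpleDateFormat is not thread-safe: every use of oldCookieFormat must hold its monitor`. As a style point, the `ocf` temporary in the second overload is unnecessary, since `synchronized(oldCookieFormat) { return oldCookieFormat.format( d ); }` does the same thing.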
  @@ -171,24 +177,18 @@
        Not efficient - but not very used.
        */
       public static long parseDate( String dateString ) {
  +     DateFormat [] format = {rfc1123Format,rfc1036Format,asctimeFormat};
  +     return parseDate(dateString,format);
  +    }
  +    public static long parseDate( String dateString, DateFormat []format ) {
        Date date=null;
  -        try {
  -            date = DateTool.rfc1123Format.parse(dateString);
  -         return date.getTime();
  -     } catch (ParseException e) { }
  -          catch (StringIndexOutOfBoundsException e) { }
  -     
  -        try {
  -         date = DateTool.rfc1036Format.parse(dateString);
  -         return date.getTime();
  -     } catch (ParseException e) { }
  -          catch (StringIndexOutOfBoundsException e) { }
  -     
  -        try {
  -            date = DateTool.asctimeFormat.parse(dateString);
  -         return date.getTime();
  -        } catch (ParseException pe) { }
  -          catch (StringIndexOutOfBoundsException e) { }
  +     for(int i=0; i < format.length; i++) {
  +         try {
  +             date = format[i].parse(dateString);
  +             return date.getTime();
  +         } catch (ParseException e) { }
  +         catch (StringIndexOutOfBoundsException e) { }
  +     }
        String msg = sm.getString("httpDate.pe", dateString);
        throw new IllegalArgumentException(msg);
       }
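Review bot: The `format[i].parse(dateString)` call in the new loop still runs without a lock, so the one-argument `parseDate` keeps sharing the static `rfc1123Format`, `rfc1036Format` and `asctimeFormat` instances between threads. That is the same hazard this commit guards against for `oldCookieFormat`. Concurrent `SimpleDateFormat.parse` calls on one instance can return a wrong date or throw an unchecked exception other than the two caught here, which matters if `dateString` comes from request headers, as the HTTP date patterns suggest. I would wrap the call as `synchronized(format[i]) { date = format[i].parse(dateString); }`. If the intent is instead that callers pass per-thread formats, the new public two-argument overload needs a Javadoc comment stating that, and the default overload still needs the lock.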
  
  
  
