remm 02/03/14 12:55:47
Modified: catalina/src/share/org/apache/naming/resources FileDirContext.java
Log:
- Tighten up the file access so that there is no way to request a path above the base, regarless of what path is passed. This is for robustness and peace of mind only; I haven't sound any security vulnerabiltiy.
Note: The performance impact is minimal because of the cache.
Revision Changes Path
1.12 +23 -12 jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Index: FileDirContext.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- FileDirContext.java 27 Feb 2002 19:06:35 -0000 1.11
+++ FileDirContext.java 14 Mar 2002 20:55:47 -0000 1.12
@@ -1,7 +1,7 @@
 /*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v 1.11 2002/02/27 19:06:35 remm Exp $
- * $Revision: 1.11 $
- * $Date: 2002/02/27 19:06:35 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v 1.12 2002/03/14 20:55:47 remm Exp $
+ * $Revision: 1.12 $
+ * $Date: 2002/03/14 20:55:47 $
 *
 * ====================================================================
 *
@@ -99,7 +99,7 @@
 * Filesystem Directory Context implementation helper class.
 *
 * @author Remy Maucherat
- * @version $Revision: 1.11 $ $Date: 2002/02/27 19:06:35 $
+ * @version $Revision: 1.12 $ $Date: 2002/03/14 20:55:47 $
 */
 public class FileDirContext extends BaseDirContext {
@@ -186,7 +186,7 @@
 if (!base.exists() || !base.isDirectory() || !base.canRead()) throw new IllegalArgumentException (sm.getString("fileResources.base", docBase));
- this.absoluteBase = normalize(base.getAbsolutePath());
+ this.absoluteBase = base.getAbsolutePath();
 super.setDocBase(docBase);
 }
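Review bot: `absoluteBase` is now stored as `base.getAbsolutePath()` with the `normalize()` call dropped, yet the new guard in `file()` compares it with `file.getCanonicalPath()`; the two strings can differ when the docBase is reached through a symlink (the canonical form resolves it, the absolute form does not) or, on Windows, in case and short-name form, and in that situation the prefix test would presumably reject every resource. Storing the canonical form of the base here keeps both sides of that comparison in the same form, although `getCanonicalPath()` throws a checked `IOException` that has to be mapped onto the `IllegalArgumentException` this method already uses for an unusable docBase. `setDocBase` begins outside the hunk, so only its tail is visible here.
```java
        // … unchanged: exists/isDirectory/canRead check and its IllegalArgumentException …
        try {
            // Keep the base in the same (canonical) form that file() compares against.
            this.absoluteBase = base.getCanonicalPath();
        } catch (IOException e) {
            throw new IllegalArgumentException
                (sm.getString("fileResources.base", docBase));
        }
        super.setDocBase(docBase);
```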
@@ -854,28 +854,38 @@
 */
 protected File file(String name) {
+/*
 name = normalize(name);
 if (name == null) return (null);
 if (File.separatorChar == '\\') name = name.replace('/', File.separatorChar);
+*/
 File file = new File(base, name);
 if (file.exists() && file.canRead()) {
+
+ // Check that this file belongs to our root path
+ String canPath = null;
+ try {
+ canPath = file.getCanonicalPath();
+ } catch (IOException e) {
+ }
+ if (canPath == null)
+ return null;
+
+ if (!canPath.startsWith(absoluteBase))
+ return null;
+
 // Windows only check
 if ((caseSensitive) && (File.separatorChar == '\\')) {
 String fileAbsPath = file.getAbsolutePath();
 if (fileAbsPath.endsWith(".")) fileAbsPath = fileAbsPath + "/";
 String absPath = normalize(fileAbsPath);
- String canPath = null;
- try {
- canPath = file.getCanonicalPath();
- if (canPath != null)
- canPath = normalize(canPath);
- } catch (IOException e) {
- }
+ if (canPath != null)
+ canPath = normalize(canPath);
 if ((absoluteBase.length() < absPath.length()) && (absoluteBase.length() < canPath.length())) {
 absPath = absPath.substring(absoluteBase.length());
@@ -890,6 +900,7 @@
 return null;
 }
 }
+
 } else {
 return null;
 }
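Review bot: The new `if (!canPath.startsWith(absoluteBase))` guard is a bare string-prefix test, so with a docBase of `/srv/app` a canonical path such as `/srv/app2/x` or `/srv/app.old/x` passes it; the base needs a trailing separator in the comparison, e.g. `if (!canPath.equals(absoluteBase) && !canPath.startsWith(absoluteBase + File.separator)) return null;`. The test also assumes `absoluteBase` is in the same form as the output of `getCanonicalPath()`; since the other hunk now stores `base.getAbsolutePath()`, a docBase reached through a symlink would presumably make the prefix test reject every resource, and the Windows-only block below appears to exist precisely because the absolute and canonical forms differ on that platform. The old `normalize`/separator code is commented out with `/* ... */` rather than deleted; if the canonical-path check supersedes it, remove it, otherwise a one-line comment saying why it is retained would help the next reader. The `IOException` from `getCanonicalPath()` is swallowed and becomes a null return, which is a defensible choice here but deserves a comment such as `// unresolvable path: treat the resource as absent`.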