remm 02/04/16 14:59:36
Modified: coyote/src/java/org/apache/coyote/tomcat4 CoyoteAdapter.java
Log:
- Return 400 if there is a null byte in the decoded URI.
Revision Changes Path
1.4 +7 -4
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
Index: CoyoteAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- CoyoteAdapter.java 9 Apr 2002 22:27:11 -0000 1.3
+++ CoyoteAdapter.java 16 Apr 2002 21:59:36 -0000 1.4
@@ -1,6 +1,6 @@
-/* * $Header:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
1.3 2002/04/09 22:27:11 remm Exp $
- * $Revision: 1.3 $
- * $Date: 2002/04/09 22:27:11 $
+/* * $Header:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
1.4 2002/04/16 21:59:36 remm Exp $
+ * $Revision: 1.4 $
+ * $Date: 2002/04/16 21:59:36 $
*
* ====================================================================
*
@@ -119,7 +119,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.3 $ $Date: 2002/04/09 22:27:11 $
+ * @version $Revision: 1.4 $ $Date: 2002/04/16 21:59:36 $
*/
final class CoyoteAdapter
@@ -493,9 +493,12 @@
int index = 0;
// Replace '\' with '/'
+ // Check for null byte
for (pos = start; pos < end; pos++) {
if (b[pos] == (byte) '\\')
b[pos] = (byte) '/';
+ if (b[pos] == (byte) 0)
+ return false;
}
// Replace "//" with "/"
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
