remm 2003/03/15 03:37:39
Modified: coyote/src/java/org/apache/coyote/tomcat4 Tag: coyote_10
CoyoteAdapter.java
coyote/src/java/org/apache/coyote/tomcat5 Tag: coyote_10
CoyoteAdapter.java
Log:
- Return 400 for decoded URLs which don't start with '/'.
Revision Changes Path
No revision
No revision
1.13.2.1 +9 -4
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
Index: CoyoteAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
retrieving revision 1.13
retrieving revision 1.13.2.1
diff -u -r1.13 -r1.13.2.1
--- CoyoteAdapter.java 10 Dec 2002 08:43:21 -0000 1.13
+++ CoyoteAdapter.java 15 Mar 2003 11:37:38 -0000 1.13.2.1
@@ -522,6 +522,11 @@
return false;
}
+ // The URL must start with '/'
+ if (b[start] != (byte) '/') {
+ return false;
+ }
+
// Replace "//" with "/"
for (pos = start; pos < (end - 1); pos++) {
if ((b[pos] == (byte) '/') && (b[pos + 1] == (byte) '/')) {
No revision
No revision
1.6.2.1 +9 -4
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java
Index: CoyoteAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- CoyoteAdapter.java 10 Dec 2002 08:44:05 -0000 1.6
+++ CoyoteAdapter.java 15 Mar 2003 11:37:38 -0000 1.6.2.1
@@ -414,6 +414,11 @@
return false;
}
+ // The URL must start with '/'
+ if (b[start] != (byte) '/') {
+ return false;
+ }
+
// Replace "//" with "/"
for (pos = start; pos < (end - 1); pos++) {
if ((b[pos] == (byte) '/') && (b[pos + 1] == (byte) '/')) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
