** Description changed:

  [Impact]
  
   * There was a software bug in the 8.0.32 release of tomcat8,
  subsequently fixed in 8.0.33, with acessing past the end of a string.
  
  [Test Case]
  
  # lxc launch ubuntu:xenial tester && lxc exec tester bash
  # apt update && apt dist-upgrade -y && apt install -y tomcat8 && mkdir -p 
/var/lib/tomcat8/webapps/test && echo '<%@ page 
contentType="text/html;charset=UTF-8" language="java" %>
  <html>
  <head>
-     <title>$Title$</title>
+     <title>$Title$</title>
  </head>
  <body>
  <%
-     Class.forName("org");
+     Class.forName("org");
  %>
  </body>
  </html>
  ' >/var/lib/tomcat8/webapps/test/test.jsp
  # service tomcat8 restart
  # curl localhost:8080/test/test.jsp
  ...
-  An exception occurred processing JSP page /test.jsp at line 8
+  An exception occurred processing JSP page /test.jsp at line 8
  5: &lt;/head&gt;
  6: &lt;body&gt;
  7: &lt;%
  8:     Class.forName(&quot;org&quot;);
  9: %&gt;
  10: &lt;/body&gt;
  11: &lt;/html&gt;
  ...
  </pre><p><b>root cause</b></p><pre>java.lang.StringIndexOutOfBoundsException: 
String index out of range: 3
  ...
  
  [Regression Potential]
  
- * This is a strict backport from upstream of a bugfix. The regression
- potential is very low, as the current tomcat8 code is broken.
+ If the lengths are wrong in the patch, then this will filter out more
+ than just the top level identifiers. Although tbh the chances of someone
+ actually putting a partial identifier not the top level id is pretty
+ low.
+ 
+ [Original Description]
  
  ---
  
  Tomcat 8.0.32 has a known and corrected bug
  
  https://bz.apache.org/bugzilla/show_bug.cgi?id=58999
  
  which in some cases prevents a webapp from executing. I have encountered
  this error.  The fix will be to place a later version of Tomcat8 into
  the Ubuntu 16.04 repository.
  
  I encountered this error using:
  
  ----------------------------
  
  OpenVPMS 1.8.1 (veterinary practice management webapp)
  MySQL 5.7.13
  Open-jdk 1.8.0_91
  Tomcat 8.0.32
  mysql-connector-java-5.1.39
  
  ----------------------------
  
  The webapp in this case (OpenVPMS) runs under tomcat7 but not under this
  specific version of Tomcat (8.0.32).  Instead, tomcat throws a
  404-/openvpms error.  The relevant portion of the tomcat log is:
  
  Caused by: java.lang.StringIndexOutOfBoundsException: String index out of 
range: 3
   at java.lang.String.charAt(String.java:658)
   at 
org.apache.catalina.loader.WebappClassLoaderBase.filter(WebappClassLoaderBase.java:2780)
   at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1253)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:348)
  
  Thank you.
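
Review bot: In the rewritten [Regression Potential] section, the stated risk is that wrong lengths in the patch would filter out more than the top-level identifiers, but the [Test Case] only requests Class.forName("org"), which checks the crash and not that risk. Consider adding a request for a class whose name merely begins with a top-level identifier and confirming it still loads. Also name the patch being referred to, since the new text drops the statement that it is a strict backport from upstream.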

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1606331

Title:
  StringIndexOutOfBoundsException - Tomcat8.0.32
