Author: jfrederic.clere(a)jboss.com
Date: 2009-06-04 11:03:52 -0400 (Thu, 04 Jun 2009)
New Revision: 1081
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/connector/Request.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationHttpRequest.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/servlets/WebdavServlet.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/ssi/SSIServletRequestUtil.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/util/RequestUtil.java
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/naming/resources/FileDirContext.java
Log:
Rollback previous commit... Nice clean up but CP...
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/connector/Request.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/connector/Request.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/connector/Request.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -67,6 +67,7 @@
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.util.Enumerator;
import org.apache.catalina.util.ParameterMap;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.StringManager;
import org.apache.catalina.util.StringParser;
@@ -1268,9 +1269,10 @@
int pos = requestPath.lastIndexOf('/');
String relative = null;
if (pos >= 0) {
- relative = requestPath.substring(0, pos + 1) + path;
+ relative = RequestUtil.normalize
+ (requestPath.substring(0, pos + 1) + path);
} else {
- relative = requestPath + path;
+ relative = RequestUtil.normalize(requestPath + path);
}
return (context.getServletContext().getRequestDispatcher(relative));
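Review bot: The added `RequestUtil.normalize(...)` calls run over `requestPath + path` as one string, before the dispatcher lookup has separated out anything that is not path. The ApplicationContext.java hunk in this commit shows `path = path.substring(0, pos);` immediately ahead of its own `normalize(path)`, which looks like the query string being removed first. If `path` here can carry a query string, `..` sequences inside it are resolved as path segments at this earlier stage. Keeping the plain concatenation, `relative = requestPath.substring(0, pos + 1) + path;`, and letting `getRequestDispatcher` normalize after that split would avoid the early pass; the identical hunk in ApplicationHttpRequest.java has the same ordering. The enclosing method starts outside the hunk, so the origin of `path` should be confirmed.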
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -44,7 +44,6 @@
import org.apache.catalina.Wrapper;
import org.apache.catalina.deploy.ApplicationParameter;
import org.apache.catalina.util.Enumerator;
-import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ResourceSet;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.StringManager;
@@ -378,7 +377,7 @@
path = path.substring(0, pos);
}
- path = RequestUtil.normalize(path);
+ path = normalize(path);
if (path == null)
return (null);
@@ -460,7 +459,7 @@
throw new
MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae",
path));
}
- path = RequestUtil.normalize(path);
+ path = normalize(path);
if (path == null)
return (null);
@@ -509,13 +508,10 @@
*/
public InputStream getResourceAsStream(String path) {
+ path = normalize(path);
if (path == null)
return (null);
- path = RequestUtil.normalize(path);
- if (path == null)
- return (null);
-
DirContext resources = context.getResources();
if (resources != null) {
try {
@@ -548,7 +544,7 @@
(sm.getString("applicationContext.resourcePaths.iae", path));
}
- path = RequestUtil.normalize(path);
+ path = normalize(path);
if (path == null)
return (null);
@@ -855,6 +851,45 @@
/**
+ * Return a context-relative path, beginning with a "/", that represents
+ * the canonical version of the specified path after ".." and "."
elements
+ * are resolved out. If the specified path attempts to go outside the
+ * boundaries of the current context (i.e. too many ".." path elements
+ * are present), return <code>null</code> instead.
+ *
+ * @param path Path to be normalized
+ */
+ private String normalize(String path) {
+
+ if (path == null) {
+ return null;
+ }
+
+ String normalized = path;
+
+ // Normalize the slashes and add leading slash if necessary
+ if (normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
+
+ }
+
+
+ /**
* Merge the context initialization parameters specified in the application
* deployment descriptor with the application parameters described in the
* server configuration, respecting the <code>override</code> property
of
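Review bot: `normalize` can throw `StringIndexOutOfBoundsException` instead of returning null when the path has no leading slash. For a constructed value such as `a/../b`, `index` is 1, `lastIndexOf('/', index - 1)` yields -1 and `substring(0, index2)` fails. The inline comment says "add leading slash if necessary" but no slash is added, and `getResourceAsStream` in this file now calls `normalize(path)` as its first statement, so nothing visible guarantees the slash. Adding `if (index2 < 0) return (null);` after the `lastIndexOf` line keeps the documented null-on-escape contract. The Javadoc also promises that "." elements are resolved, which this copy does not do; it should describe only the backslash and `/../` handling.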
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationHttpRequest.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationHttpRequest.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationHttpRequest.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -318,9 +318,10 @@
int pos = requestPath.lastIndexOf('/');
String relative = null;
if (pos >= 0) {
- relative = requestPath.substring(0, pos + 1) + path;
+ relative = RequestUtil.normalize
+ (requestPath.substring(0, pos + 1) + path);
} else {
- relative = requestPath + path;
+ relative = RequestUtil.normalize(requestPath + path);
}
return (context.getServletContext().getRequestDispatcher(relative));
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/servlets/WebdavServlet.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/servlets/WebdavServlet.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/servlets/WebdavServlet.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -1374,6 +1374,71 @@
}
+ /**
+ * Return a context-relative path, beginning with a "/", that represents
+ * the canonical version of the specified path after ".." and "."
elements
+ * are resolved out. If the specified path attempts to go outside the
+ * boundaries of the current context (i.e. too many ".." path elements
+ * are present), return <code>null</code> instead.
+ *
+ * @param path Path to be normalized
+ */
+ protected String normalize(String path) {
+
+ if (path == null)
+ return null;
+
+ // Create a place for the normalized path
+ String normalized = path;
+
+ if (normalized == null)
+ return (null);
+
+ if (normalized.equals("/."))
+ return "/";
+
+ // Normalize the slashes and add leading slash if necessary
+ if (normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
+ }
+
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
+
+ }
+
+
// -------------------------------------------------------- Private Methods
/**
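Review bot: This is one of three hand-copied `normalize` implementations introduced by this commit (the others are in ApplicationContext.java and FileDirContext.java), and the copies already disagree. This one collapses `//` and `/./` and prepends a slash, the ApplicationContext copy does neither, and the FileDirContext copy replaces backslashes only when `File.separatorChar == '\\'`. Path checks that differ between layers are hard to reason about, so each copy should carry a comment stating which steps it performs and why it differs from `RequestUtil.normalize`. Within this copy, `if (normalized == null) return (null);` is dead code because `path` was already checked. A path whose last segment is `..` with no trailing slash is not matched by the `"/../"` search and is returned unchanged, which the Javadoc's "canonical version" wording does not reflect.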
@@ -1528,7 +1593,7 @@
}
// Normalise destination path (remove '.' and '..')
- destinationPath = RequestUtil.normalize(destinationPath);
+ destinationPath = normalize(destinationPath);
String contextPath = req.getContextPath();
if ((contextPath != null) &&
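Review bot: `normalize(destinationPath)` returns null when the path climbs above the root (the `index == 0` branch of the method added earlier in this file), and no null check is visible between the assignment and the condition that follows. The condition continues outside the hunk, so whether it dereferences `destinationPath` cannot be confirmed from here. A guard such as `if (destinationPath == null)` that rejects the request right after the assignment would make the handling explicit. The later hunk that passes `normalize(absoluteUri + toAppend)` directly to `rewriteUrl` has the same unchecked null.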
@@ -2275,7 +2340,7 @@
if (!toAppend.startsWith("/"))
toAppend = "/" + toAppend;
- generatedXML.writeText(rewriteUrl(RequestUtil.normalize(absoluteUri +
toAppend)));
+ generatedXML.writeText(rewriteUrl(normalize(absoluteUri + toAppend)));
generatedXML.writeElement(null, "href", XMLWriter.CLOSING);
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/ssi/SSIServletRequestUtil.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/ssi/SSIServletRequestUtil.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/ssi/SSIServletRequestUtil.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -59,6 +59,13 @@
* Path to be normalized
*/
public static String normalize(String path) {
- return RequestUtil.normalize(path);
+ if (path == null) return null;
+ String normalized = path;
+ //Why doesn't RequestUtil do this??
+ // Normalize the slashes and add leading slash if necessary
+ if (normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+ normalized = RequestUtil.normalize(path);
+ return normalized;
}
}
\ No newline at end of file
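Review bot: The backslash replacement is thrown away: `normalized` is rewritten with `/` separators, but the next statement calls `RequestUtil.normalize(path)` on the original argument and overwrites the result. Because this commit also removes the backslash handling from `RequestUtil.normalize`, paths containing `\` reach the `/../` resolution unconverted. The call should be `normalized = RequestUtil.normalize(normalized);`.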
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/util/RequestUtil.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/util/RequestUtil.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/util/RequestUtil.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -93,29 +93,13 @@
* @param path Relative path to be normalized
*/
public static String normalize(String path) {
- return normalize(path, true);
- }
- /**
- * Normalize a relative URI path that may have relative values ("/./",
- * "/../", and so on ) it it. <strong>WARNING</strong> - This
method is
- * useful only for normalizing application-generated paths. It does not
- * try to perform security checks for malicious input.
- *
- * @param path Relative path to be normalized
- * @param replaceBackSlash Should '\\' be replaced with '/'
- */
- public static String normalize(String path, boolean replaceBackSlash) {
-
if (path == null)
return null;
// Create a place for the normalized path
String normalized = path;
- if (replaceBackSlash && normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
-
if (normalized.equals("/."))
return "/";
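Review bot: The Javadoc kept for `normalize(String)` should say that backslashes are no longer converted, since the `replaceBackSlash` branch is removed here while Request.java, ApplicationHttpRequest.java and SSIServletRequestUtil.java still call this method. A sentence such as `Backslashes are left as-is; callers that accept '\' as a separator must convert it before calling.` would do. The removed overload also carried the warning that the method performs no security checks on malicious input. The top of the retained comment is outside the hunk, so confirm that the warning is still present there. The method body also continues past the hunk.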
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/naming/resources/FileDirContext.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/naming/resources/FileDirContext.java 2009-06-04
14:15:54 UTC (rev 1080)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/naming/resources/FileDirContext.java 2009-06-04
15:03:52 UTC (rev 1081)
@@ -29,21 +29,14 @@
import java.util.Hashtable;
import javax.naming.NameAlreadyBoundException;
-import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
-import javax.naming.NotContextException;
import javax.naming.OperationNotSupportedException;
-import javax.naming.directory.AttributeModificationException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
-import javax.naming.directory.InvalidAttributesException;
-import javax.naming.directory.InvalidSearchControlsException;
-import javax.naming.directory.InvalidSearchFilterException;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
-import org.apache.catalina.util.RequestUtil;
import org.apache.naming.NamingContextBindingsEnumeration;
import org.apache.naming.NamingContextEnumeration;
import org.apache.naming.NamingEntry;
@@ -761,11 +754,61 @@
// ------------------------------------------------------ Protected Methods
- protected static String normalize(String path) {
- return RequestUtil.normalize(path, File.separatorChar == '\\');
+ /**
+ * Return a context-relative path, beginning with a "/", that represents
+ * the canonical version of the specified path after ".." and "."
elements
+ * are resolved out. If the specified path attempts to go outside the
+ * boundaries of the current context (i.e. too many ".." path elements
+ * are present), return <code>null</code> instead.
+ *
+ * @param path Path to be normalized
+ */
+ protected String normalize(String path) {
+
+ String normalized = path;
+
+ // Normalize the slashes and add leading slash if necessary
+ if (File.separatorChar == '\\' && normalized.indexOf('\\')
>= 0)
+ normalized = normalized.replace('\\', '/');
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
}
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
+
+ }
+
+
/**
* Return a File object representing the specified normalized
* context-relative path if it exists and is readable. Otherwise,
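Review bot: This copy of `normalize` has no null guard, so a null `path` fails with a `NullPointerException` at the first use of `normalized`. The ApplicationContext and WebdavServlet copies added in the same commit both start with a null check; `if (path == null) return null;` should open this method too. The method also changes from `protected static` to an instance method, which would break any caller in a static context. No such caller is visible in this hunk, so that needs checking against the rest of the file. Callers must also treat the null return as a rejection, since it is the only signal that the path left the context.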