ASF Bugzilla – Attachment 33549 Details for
Bug 58999
StringIndexOutOfBoundsException WebAppClassLoaderBase.filter()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
classloader.patch (text/plain), 6.08 KB, created by
Violeta Georgieva
on 2016-02-12 08:25:17 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Violeta Georgieva
Created:
2016-02-12 08:25:17 UTC
Size:
6.08 KB
patch
obsolete
>Index: java/org/apache/catalina/loader/WebappClassLoaderBase.java >=================================================================== >--- java/org/apache/catalina/loader/WebappClassLoaderBase.java (revision 1729943) >+++ java/org/apache/catalina/loader/WebappClassLoaderBase.java (working copy) >@@ -2763,12 +2763,12 @@ > return false; > > char ch; >- if (name.startsWith("javax")) { >+ if (name.startsWith("javax") && name.length() > 5) { > /* 5 == length("javax") */ > ch = name.charAt(5); > if (isClassName && ch == '.') { > /* 6 == length("javax.") */ >- if (name.startsWith("servlet.jsp.jstl.", 6)) { >+ if (name.startsWith("servlet.jsp.jstl", 6)) { > return false; > } > if (name.startsWith("el.", 6) || >@@ -2779,7 +2779,7 @@ > } > } else if (!isClassName && ch == '/') { > /* 6 == length("javax/") */ >- if (name.startsWith("servlet/jsp/jstl/", 6)) { >+ if (name.startsWith("servlet/jsp/jstl", 6)) { > return false; > } > if (name.startsWith("el/", 6) || >@@ -2789,7 +2789,7 @@ > return true; > } > } >- } else if (name.startsWith("org")) { >+ } else if (name.startsWith("org") && name.length() > 3) { > /* 3 == length("org") */ > ch = name.charAt(3); > if (isClassName && ch == '.') { >@@ -2796,7 +2796,7 @@ > /* 4 == length("org.") */ > if (name.startsWith("apache.", 4)) { > /* 11 == length("org.apache.") */ >- if (name.startsWith("tomcat.jdbc.", 11)) { >+ if (name.startsWith("tomcat.jdbc", 11)) { > return false; > } > if (name.startsWith("el.", 11) || >@@ -2813,7 +2813,7 @@ > /* 4 == length("org/") */ > if (name.startsWith("apache/", 4)) { > /* 11 == length("org/apache/") */ >- if (name.startsWith("tomcat/jdbc/", 11)) { >+ if (name.startsWith("tomcat/jdbc", 11)) { > return false; > } > if (name.startsWith("el/", 11) || >Index: test/org/apache/catalina/loader/TestWebappClassLoader.java >=================================================================== >--- test/org/apache/catalina/loader/TestWebappClassLoader.java (revision 1729943) >+++ test/org/apache/catalina/loader/TestWebappClassLoader.java (working copy) >@@ -65,10 +65,11 @@ > public void testFilter() throws IOException { > > String[] classSuffixes = new String[]{ >- "some.package.Example" >+ "","some.package.Example" > }; > > String[] resourceSuffixes = new String[]{ >+ "", > "some/path/test.properties", > "some/path/test" > }; >@@ -83,7 +84,7 @@ > "org.apache", > "org.apache.tomcat.jdbc", > "javax", >- "javax.jsp.jstl", >+ "javax.servlet.jsp.jstl", > "com.mycorp" > }; > >@@ -106,30 +107,38 @@ > > for (String prefix : prefixesPermit) { > for (String suffix : classSuffixes) { >- name = prefix + "." + suffix; >- Assert.assertTrue("Class '" + name + "' failed permit filter", >- !loader.filter(name, true)); > if (prefix.equals("")) { > name = suffix; >- Assert.assertTrue("Class '" + name + "' failed permit filter", >- !loader.filter(name, true)); >+ } else if (suffix.equals("")) { >+ name = prefix; >+ } else { >+ name = prefix + "." + suffix; > } >+ Assert.assertTrue("Class '" + name + "' failed permit filter", >+ !loader.filter(name, true)); > } > prefix = prefix.replace('.', '/'); > for (String suffix : resourceSuffixes) { >- name = prefix + "/" + suffix; >- Assert.assertTrue("Resource '" + name + "' failed permit filter", >- !loader.filter(name, false)); > if (prefix.equals("")) { > name = suffix; >- Assert.assertTrue("Resource '" + name + "' failed permit filter", >- !loader.filter(name, false)); >+ } else if (suffix.equals("")) { >+ name = prefix; >+ } else { >+ name = prefix + "/" + suffix; > } >+ Assert.assertTrue("Resource '" + name + "' failed permit filter", >+ !loader.filter(name, false)); > } > } > > for (String prefix : prefixesDeny) { > for (String suffix : classSuffixes) { >+ if (suffix.equals("")) { >+ name = prefix; >+ Assert.assertTrue("Class '" + name + "' failed permit filter", >+ !loader.filter(name, true)); >+ continue; >+ } > if (prefix.equals("")) { > name = suffix; > } else { >@@ -140,6 +149,12 @@ > } > prefix = prefix.replace('.', '/'); > for (String suffix : resourceSuffixes) { >+ if (suffix.equals("")) { >+ name = prefix; >+ Assert.assertTrue("Resource '" + name + "' failed permit filter", >+ !loader.filter(name, false)); >+ continue; >+ } > if (prefix.equals("")) { > name = suffix; > } else {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=33549">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 58999
: 33549 |
33559