Bug 63579

Summary: o.a.catalina.webresources.StandardRoot.validate generates an IllegalArgumentException leading to a 500
Product: Tomcat 9
Reporter: Alex Rebert <alex>
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED
Severity: normal
Priority: P2
Version: 9.0.22
Target Milestone: -----
Hardware: PC
OS: Mac OS X 10.1

Description Alex Rebert 2019-07-22 14:40:53 UTC
Tomcat can generate a 500 response when validating the request path. The issue can be reproduced with the following command, assuming tomcat is listening on 8080:

```
$ echo -ne "GET *; HTTP/1.1\r\nHost:\r\n\r\n" | nc localhost 8080
HTTP/1.1 500
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1973
Date: Mon, 22 Jul 2019 14:38:08 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> The resource path [*] is not valid</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException: The resource path [*] is not valid
        org.apache.catalina.webresources.StandardRoot.validate(StandardRoot.java:252)
        org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:213)
        org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:207)
        org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:832)
        org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:497)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
        org.apache.catalina.servlets.DefaultServlet.service(DefaultServlet.java:477)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
</pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.22-dev</h3></body></html>
```

I'm running tomcat from source after compiling it with ant. Version is 'Apache Tomcat/9.0.22-dev', and commit is ed26bdbaf639a17c02a1e864d2c0553ed3f95971 from Jul 22.

Comment 1 Mark Thomas 2019-07-23 09:49:08 UTC
Thanks for the report. I've fixed this (and added a unit test) in:

- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.96 onwards
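
Added example (not part of the original report or of Tomcat's own test suite): a regression check an operator can run after upgrading, which sends the exact request bytes from the description over a raw socket and flags a 5xx status or a stack trace in the body. The function names and marker list are assumptions made for this example; the report does not say which status the fixed versions return, so the check only looks for a server error and leaked exception text.

```python
import socket

# Request bytes from the report: request-target "*;" and an empty Host header.
# A raw socket is used because HTTP client libraries build the request line themselves.
PROBE = b"GET *; HTTP/1.1\r\nHost:\r\n\r\n"

# Strings from the error page quoted in the report that expose server internals.
LEAK_MARKERS = (b"java.lang.IllegalArgumentException", b"org.apache.catalina.")


def classify(raw: bytes) -> dict:
    """Parse a raw HTTP response and flag the behaviour described in this bug."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    status = int(parts[1])
    return {
        "status": status,
        "server_error": 500 <= status <= 599,
        "leaked": [m.decode() for m in LEAK_MARKERS if m in body],
    }


def probe(host: str = "localhost", port: int = 8080, timeout: float = 5.0) -> dict:
    """Send PROBE to host:port (defaults match the report) and classify the reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(PROBE)
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break  # server kept the connection open; use what arrived
            if not data:
                break  # server closed the connection
            chunks.append(data)
    return classify(b"".join(chunks))


if __name__ == "__main__":
    result = probe()
    print(result)
    if result["server_error"] or result["leaked"]:
        raise SystemExit("malformed request path still produces a server error page")
```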