| Summary: | Possible StringIndexOutOfBoundsException for symlinks in DirResourceSet.listWebAppPaths | ||
|---|---|---|---|
| Product: | Tomcat 9 | Reporter: | Cedomir Igaly <cedomir.igaly> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | cedomir.igaly, kryadov |
| Priority: | P2 | ||
| Version: | 9.0.50 | ||
| Target Milestone: | ----- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Attachments: | Patch to fix bug | ||
Thanks for the report and the patch. Fixed in: - 10.1.x for 10.1.0-M3 onwards - 10.0.x for 10.0.9 onwards - 9.0.x for 9.0.51 onwards - 8.5.x for 8.5.70 onwards FWIW: I can confirm that the fix solves my observed problems as well |
Created attachment 37944 [details] Patch to fix bug When entry is symbolic link outside of parent directory, it is possible that its cannonical path will be shorter than parent's cannonical path. In that case attempt to evaluate expression canPath = entry.getCanonicalPath().substring(f.getCanonicalPath().length()); will end in throwing java.lang.StringIndexOutOfBoundsException. Suggested solution is to compare lengths begore evaluation. It is possible that this problem is also present elsewhere. Same problem will affect 10.0.x and 8.5.x branches as well.