Bug 63579 - o.a.catalina.webresources.StandardRoot.validate generates an IllegalArgumentException leading to a 500
Summary: o.a.catalina.webresources.StandardRoot.validate generates an IllegalArgumentE...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.22
Hardware: PC Mac OS X 10.1
: P2 normal (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-22 14:40 UTC by Alex Rebert
Modified: 2019-08-10 02:22 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Rebert 2019-07-22 14:40:53 UTC
Tomcat can generate a 500 response when validating the request path. The issue can be reproduced with the following command, assuming tomcat is listening on 8080:

```
$ echo -ne "GET *; HTTP/1.1\r\nHost:\r\n\r\n" | nc localhost 8080
HTTP/1.1 500
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1973
Date: Mon, 22 Jul 2019 14:38:08 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> The resource path [*] is not valid</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException: The resource path [*] is not valid
        org.apache.catalina.webresources.StandardRoot.validate(StandardRoot.java:252)
        org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:213)
        org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:207)
        org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:832)
        org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:497)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
        org.apache.catalina.servlets.DefaultServlet.service(DefaultServlet.java:477)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
</pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.22-dev</h3></body></html>
```

I'm running tomcat from source after compiling it with ant. Version is 'Apache Tomcat/9.0.22-dev', and commit is ed26bdbaf639a17c02a1e864d2c0553ed3f95971 from Jul 22.
Comment 1 Mark Thomas 2019-07-23 09:49:08 UTC
Thanks for the report. I've fixed this (and added a unit test) in:

- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.96 onwards