From: markt Date: Thu, 15 Jan 2009 15:34:52 +0000 (+0000) Subject: Remove 3 of the essentially 4 duplicate normalise implementations. X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=0ce40889879bca0cd656f2ab4a89fc8fd15469a4;p=tomcat7.0 Remove 3 of the essentially 4 duplicate normalise implementations. Minor tweaks where required to use the new single implementation. Remove unnecessary normalisation calls. This includes the fix for CVE-2008-5515. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@734734 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index a35f7a6f3..a9c379e48 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -1297,10 +1297,9 @@ public class Request int pos = requestPath.lastIndexOf('/'); String relative = null; if (pos >= 0) { - relative = RequestUtil.normalize - (requestPath.substring(0, pos + 1) + path); + relative = requestPath.substring(0, pos + 1) + path; } else { - relative = RequestUtil.normalize(requestPath + path); + relative = requestPath + path; } return (context.getServletContext().getRequestDispatcher(relative)); diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java index e7054d700..0c0ba2f2c 100644 --- a/java/org/apache/catalina/core/ApplicationContext.java +++ b/java/org/apache/catalina/core/ApplicationContext.java @@ -52,6 +52,7 @@ import org.apache.catalina.deploy.ApplicationParameter; import org.apache.catalina.deploy.FilterDef; import org.apache.catalina.deploy.FilterMap; import org.apache.catalina.util.Enumerator; +import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.ResourceSet; import org.apache.catalina.util.ServerInfo; import org.apache.catalina.util.StringManager; @@ -410,7 +411,7 @@ public class ApplicationContext path = path.substring(0, pos); } - path = normalize(path); + path = RequestUtil.normalize(path); if (path == null) return (null); @@ -495,7 +496,7 @@ public class ApplicationContext throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path)); - path = normalize(path); + path = RequestUtil.normalize(path); if (path == null) return (null); @@ -544,13 +545,16 @@ public class ApplicationContext */ public InputStream getResourceAsStream(String path) { - path = normalize(path); if (path == null) return (null); if (!path.startsWith("/") && Globals.STRICT_SERVLET_COMPLIANCE) return null; - + + path = RequestUtil.normalize(path); + if (path == null) + return (null); + DirContext resources = context.getResources(); if (resources != null) { try { @@ -583,7 +587,7 @@ public class ApplicationContext (sm.getString("applicationContext.resourcePaths.iae", path)); } - path = normalize(path); + path = RequestUtil.normalize(path); if (path == null) return (null); @@ -1057,45 +1061,6 @@ public class ApplicationContext /** - * Return a context-relative path, beginning with a "/", that represents - * the canonical version of the specified path after ".." and "." elements - * are resolved out. If the specified path attempts to go outside the - * boundaries of the current context (i.e. too many ".." path elements - * are present), return null instead. - * - * @param path Path to be normalized - */ - private String normalize(String path) { - - if (path == null) { - return null; - } - - String normalized = path; - - // Normalize the slashes - if (normalized.indexOf('\\') >= 0) - normalized = normalized.replace('\\', '/'); - - // Resolve occurrences of "/../" in the normalized path - while (true) { - int index = normalized.indexOf("/../"); - if (index < 0) - break; - if (index == 0) - return (null); // Trying to go outside our context - int index2 = normalized.lastIndexOf('/', index - 1); - normalized = normalized.substring(0, index2) + - normalized.substring(index + 3); - } - - // Return the normalized path that we have completed - return (normalized); - - } - - - /** * Merge the context initialization parameters specified in the application * deployment descriptor with the application parameters described in the * server configuration, respecting the override property of diff --git a/java/org/apache/catalina/core/ApplicationHttpRequest.java b/java/org/apache/catalina/core/ApplicationHttpRequest.java index 4088e4d5c..8857cb15b 100644 --- a/java/org/apache/catalina/core/ApplicationHttpRequest.java +++ b/java/org/apache/catalina/core/ApplicationHttpRequest.java @@ -318,10 +318,9 @@ class ApplicationHttpRequest extends HttpServletRequestWrapper { int pos = requestPath.lastIndexOf('/'); String relative = null; if (pos >= 0) { - relative = RequestUtil.normalize - (requestPath.substring(0, pos + 1) + path); + relative = requestPath.substring(0, pos + 1) + path; } else { - relative = RequestUtil.normalize(requestPath + path); + relative = requestPath + path; } return (context.getServletContext().getRequestDispatcher(relative)); diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index c957955c0..e79ca0caf 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -1412,68 +1412,6 @@ public class WebdavServlet } - /** - * Return a context-relative path, beginning with a "/", that represents - * the canonical version of the specified path after ".." and "." elements - * are resolved out. If the specified path attempts to go outside the - * boundaries of the current context (i.e. too many ".." path elements - * are present), return null instead. - * - * @param path Path to be normalized - */ - protected String normalize(String path) { - - if (path == null) - return null; - - // Create a place for the normalized path - String normalized = path; - - if (normalized.equals("/.")) - return "/"; - - // Normalize the slashes and add leading slash if necessary - if (normalized.indexOf('\\') >= 0) - normalized = normalized.replace('\\', '/'); - if (!normalized.startsWith("/")) - normalized = "/" + normalized; - - // Resolve occurrences of "//" in the normalized path - while (true) { - int index = normalized.indexOf("//"); - if (index < 0) - break; - normalized = normalized.substring(0, index) + - normalized.substring(index + 1); - } - - // Resolve occurrences of "/./" in the normalized path - while (true) { - int index = normalized.indexOf("/./"); - if (index < 0) - break; - normalized = normalized.substring(0, index) + - normalized.substring(index + 2); - } - - // Resolve occurrences of "/../" in the normalized path - while (true) { - int index = normalized.indexOf("/../"); - if (index < 0) - break; - if (index == 0) - return (null); // Trying to go outside our context - int index2 = normalized.lastIndexOf('/', index - 1); - normalized = normalized.substring(0, index2) + - normalized.substring(index + 3); - } - - // Return the normalized path that we have completed - return (normalized); - - } - - // -------------------------------------------------------- Private Methods /** @@ -1628,7 +1566,7 @@ public class WebdavServlet } // Normalise destination path (remove '.' and '..') - destinationPath = normalize(destinationPath); + destinationPath = RequestUtil.normalize(destinationPath); String contextPath = req.getContextPath(); if ((contextPath != null) && @@ -2383,7 +2321,8 @@ public class WebdavServlet if (!toAppend.startsWith("/")) toAppend = "/" + toAppend; - generatedXML.writeText(rewriteUrl(normalize(absoluteUri + toAppend))); + generatedXML.writeText(rewriteUrl(RequestUtil.normalize( + absoluteUri + toAppend))); generatedXML.writeElement(null, "href", XMLWriter.CLOSING); diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java index bfad17d40..66f016359 100644 --- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java +++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java @@ -31,6 +31,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.catalina.connector.Request; +import org.apache.catalina.util.RequestUtil; import org.apache.coyote.Constants; /** @@ -370,7 +371,7 @@ public class SSIServletExternalResolver implements SSIExternalResolver { + pathWithoutContext); } String fullPath = prefix + path; - String retVal = SSIServletRequestUtil.normalize(fullPath); + String retVal = RequestUtil.normalize(fullPath); if (retVal == null) { throw new IOException("Normalization yielded null on path: " + fullPath); @@ -403,7 +404,7 @@ public class SSIServletExternalResolver implements SSIExternalResolver { return new ServletContextAndPath(context, getAbsolutePath(virtualPath)); } else { - String normalized = SSIServletRequestUtil.normalize(virtualPath); + String normalized = RequestUtil.normalize(virtualPath); if (isVirtualWebappRelative) { return new ServletContextAndPath(context, normalized); } else { diff --git a/java/org/apache/catalina/ssi/SSIServletRequestUtil.java b/java/org/apache/catalina/ssi/SSIServletRequestUtil.java index 2aee60bd5..59d3b0de1 100644 --- a/java/org/apache/catalina/ssi/SSIServletRequestUtil.java +++ b/java/org/apache/catalina/ssi/SSIServletRequestUtil.java @@ -47,7 +47,7 @@ public class SSIServletRequestUtil { if ((result == null) || (result.equals(""))) { result = "/"; } - return normalize(result); + return RequestUtil.normalize(result); } @@ -63,15 +63,9 @@ public class SSIServletRequestUtil { * * @param path * Path to be normalized + * @deprecated */ public static String normalize(String path) { - if (path == null) return null; - String normalized = path; - //Why doesn't RequestUtil do this?? - // Normalize the slashes and add leading slash if necessary - if (normalized.indexOf('\\') >= 0) - normalized = normalized.replace('\\', '/'); - normalized = RequestUtil.normalize(path); - return normalized; + return RequestUtil.normalize(path); } } \ No newline at end of file diff --git a/java/org/apache/catalina/util/RequestUtil.java b/java/org/apache/catalina/util/RequestUtil.java index d5d9364e9..8050b2a49 100644 --- a/java/org/apache/catalina/util/RequestUtil.java +++ b/java/org/apache/catalina/util/RequestUtil.java @@ -93,6 +93,19 @@ public final class RequestUtil { * @param path Relative path to be normalized */ public static String normalize(String path) { + return normalize(path, true); + } + + /** + * Normalize a relative URI path that may have relative values ("/./", + * "/../", and so on ) it it. WARNING - This method is + * useful only for normalizing application-generated paths. It does not + * try to perform security checks for malicious input. + * + * @param path Relative path to be normalized + * @param replaceBackSlash Should '\\' be replaced with '/' + */ + public static String normalize(String path, boolean replaceBackSlash) { if (path == null) return null; @@ -100,6 +113,9 @@ public final class RequestUtil { // Create a place for the normalized path String normalized = path; + if (replaceBackSlash && normalized.indexOf('\\') >= 0) + normalized = normalized.replace('\\', '/'); + if (normalized.equals("/.")) return "/"; diff --git a/java/org/apache/naming/resources/FileDirContext.java b/java/org/apache/naming/resources/FileDirContext.java index c90a0095c..f125fcd9f 100644 --- a/java/org/apache/naming/resources/FileDirContext.java +++ b/java/org/apache/naming/resources/FileDirContext.java @@ -40,6 +40,7 @@ import javax.naming.directory.ModificationItem; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; +import org.apache.catalina.util.RequestUtil; import org.apache.naming.NamingContextBindingsEnumeration; import org.apache.naming.NamingContextEnumeration; import org.apache.naming.NamingEntry; @@ -768,50 +769,10 @@ public class FileDirContext extends BaseDirContext { */ protected String normalize(String path) { - String normalized = path; - - // Normalize the slashes and add leading slash if necessary - if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0) - normalized = normalized.replace('\\', '/'); - if (!normalized.startsWith("/")) - normalized = "/" + normalized; - - // Resolve occurrences of "//" in the normalized path - while (true) { - int index = normalized.indexOf("//"); - if (index < 0) - break; - normalized = normalized.substring(0, index) + - normalized.substring(index + 1); - } - - // Resolve occurrences of "/./" in the normalized path - while (true) { - int index = normalized.indexOf("/./"); - if (index < 0) - break; - normalized = normalized.substring(0, index) + - normalized.substring(index + 2); - } + return RequestUtil.normalize(path, File.separatorChar == '\\'); - // Resolve occurrences of "/../" in the normalized path - while (true) { - int index = normalized.indexOf("/../"); - if (index < 0) - break; - if (index == 0) - return (null); // Trying to go outside our context - int index2 = normalized.lastIndexOf('/', index - 1); - normalized = normalized.substring(0, index2) + - normalized.substring(index + 3); } - // Return the normalized path that we have completed - return (normalized); - - } - - /** * Return a File object representing the specified normalized * context-relative path if it exists and is readable. Otherwise,