From 1926295212f44965e0ae94a485ec02e7cbb787f8 Mon Sep 17 00:00:00 2001 From: markt Date: Sat, 13 Jun 2009 19:19:18 +0000 Subject: [PATCH] Remove case insensitivity option. It was a workaround for a change in Tomcat 3 and has security implications if used on case insensitive file systems. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@784455 13f79535-47bb-0310-9956-ffa450edef68 --- java/org/apache/catalina/core/StandardContext.java | 25 --------- .../apache/catalina/core/mbeans-descriptors.xml | 5 -- .../apache/naming/resources/FileDirContext.java | 62 +++++++--------------- java/org/apache/tomcat/util/buf/MessageBytes.java | 45 +++------------- webapps/docs/config/context.xml | 10 ---- 5 files changed, 24 insertions(+), 123 deletions(-) diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java index dceb05802..1838ef1c4 100644 --- a/java/org/apache/catalina/core/StandardContext.java +++ b/java/org/apache/catalina/core/StandardContext.java @@ -640,12 +640,6 @@ public class StandardContext /** - * Case sensitivity. - */ - protected boolean caseSensitive = true; - - - /** * Allow linking. */ protected boolean allowLinking = false; @@ -774,22 +768,6 @@ public class StandardContext /** - * Set case sensitivity. - */ - public void setCaseSensitive(boolean caseSensitive) { - this.caseSensitive = caseSensitive; - } - - - /** - * Is case sensitive ? - */ - public boolean isCaseSensitive() { - return caseSensitive; - } - - - /** * Set allow linking. */ public void setAllowLinking(boolean allowLinking) { @@ -1937,7 +1915,6 @@ public class StandardContext } if (resources instanceof FileDirContext) { filesystemBased = true; - ((FileDirContext) resources).setCaseSensitive(isCaseSensitive()); ((FileDirContext) resources).setAllowLinking(isAllowLinking()); } this.webappResources = resources; @@ -4108,8 +4085,6 @@ public class StandardContext new ProxyDirContext(env, webappResources); if (webappResources instanceof FileDirContext) { filesystemBased = true; - ((FileDirContext) webappResources).setCaseSensitive - (isCaseSensitive()); ((FileDirContext) webappResources).setAllowLinking (isAllowLinking()); } diff --git a/java/org/apache/catalina/core/mbeans-descriptors.xml b/java/org/apache/catalina/core/mbeans-descriptors.xml index 6b81ae979..ce19c0d52 100644 --- a/java/org/apache/catalina/core/mbeans-descriptors.xml +++ b/java/org/apache/catalina/core/mbeans-descriptors.xml @@ -74,11 +74,6 @@ is="true" type="boolean"/> - - diff --git a/java/org/apache/naming/resources/FileDirContext.java b/java/org/apache/naming/resources/FileDirContext.java index 4e840d1bd..677a6badd 100644 --- a/java/org/apache/naming/resources/FileDirContext.java +++ b/java/org/apache/naming/resources/FileDirContext.java @@ -101,12 +101,6 @@ public class FileDirContext extends BaseDirContext { /** - * Case sensitivity. - */ - protected boolean caseSensitive = true; - - - /** * Allow linking. */ protected boolean allowLinking = false; @@ -151,22 +145,6 @@ public class FileDirContext extends BaseDirContext { /** - * Set case sensitivity. - */ - public void setCaseSensitive(boolean caseSensitive) { - this.caseSensitive = caseSensitive; - } - - - /** - * Is case sensitive ? - */ - public boolean isCaseSensitive() { - return caseSensitive; - } - - - /** * Set allow linking. */ public void setAllowLinking(boolean allowLinking) { @@ -227,7 +205,6 @@ public class FileDirContext extends BaseDirContext { FileDirContext tempContext = new FileDirContext(env); tempContext.setDocBase(file.getPath()); tempContext.setAllowLinking(getAllowLinking()); - tempContext.setCaseSensitive(isCaseSensitive()); result = tempContext; } else { result = new FileResource(file); @@ -824,26 +801,24 @@ public class FileDirContext extends BaseDirContext { return null; } - // Case sensitivity check - if (caseSensitive) { - String fileAbsPath = file.getAbsolutePath(); - if (fileAbsPath.endsWith(".")) - fileAbsPath = fileAbsPath + "/"; - String absPath = normalize(fileAbsPath); - canPath = normalize(canPath); - if ((absoluteBase.length() < absPath.length()) - && (absoluteBase.length() < canPath.length())) { - absPath = absPath.substring(absoluteBase.length() + 1); - if (absPath == null) - return null; - if (absPath.equals("")) - absPath = "/"; - canPath = canPath.substring(absoluteBase.length() + 1); - if (canPath.equals("")) - canPath = "/"; - if (!canPath.equals(absPath)) - return null; - } + // Case sensitivity check - this is now always done + String fileAbsPath = file.getAbsolutePath(); + if (fileAbsPath.endsWith(".")) + fileAbsPath = fileAbsPath + "/"; + String absPath = normalize(fileAbsPath); + canPath = normalize(canPath); + if ((absoluteBase.length() < absPath.length()) + && (absoluteBase.length() < canPath.length())) { + absPath = absPath.substring(absoluteBase.length() + 1); + if (absPath == null) + return null; + if (absPath.equals("")) + absPath = "/"; + canPath = canPath.substring(absoluteBase.length() + 1); + if (canPath.equals("")) + canPath = "/"; + if (!canPath.equals(absPath)) + return null; } } else { @@ -887,7 +862,6 @@ public class FileDirContext extends BaseDirContext { FileDirContext tempContext = new FileDirContext(env); tempContext.setDocBase(file.getPath()); tempContext.setAllowLinking(getAllowLinking()); - tempContext.setCaseSensitive(isCaseSensitive()); object = tempContext; } else { object = new FileResource(currentFile); diff --git a/java/org/apache/tomcat/util/buf/MessageBytes.java b/java/org/apache/tomcat/util/buf/MessageBytes.java index 95fc78ff3..422edbefc 100644 --- a/java/org/apache/tomcat/util/buf/MessageBytes.java +++ b/java/org/apache/tomcat/util/buf/MessageBytes.java @@ -51,9 +51,6 @@ public final class MessageBytes implements Cloneable, Serializable { // did we computed the hashcode ? private boolean hasHashCode=false; - // Is the represented object case sensitive ? - private boolean caseSensitive=true; - // Internal objects to represent array + offset, and specific methods private ByteChunk byteC=new ByteChunk(); private CharChunk charC=new CharChunk(); @@ -78,12 +75,6 @@ public final class MessageBytes implements Cloneable, Serializable { return factory.newInstance(); } - /** Configure the case sensitivity - */ - public void setCaseSenitive( boolean b ) { - caseSensitive=b; - } - public MessageBytes getClone() { try { return (MessageBytes)this.clone(); @@ -107,7 +98,6 @@ public final class MessageBytes implements Cloneable, Serializable { charC.recycle(); strValue=null; - caseSensitive=true; hasStrValue=false; hasHashCode=false; @@ -298,8 +288,6 @@ public final class MessageBytes implements Cloneable, Serializable { * @return true if the comparison succeeded, false otherwise */ public boolean equals(String s) { - if( ! caseSensitive ) - return equalsIgnoreCase( s ); switch (type) { case T_STR: if( strValue==null && s!=null) return false; @@ -413,16 +401,13 @@ public final class MessageBytes implements Cloneable, Serializable { // -------------------- Hash code -------------------- public int hashCode() { - if( hasHashCode ) return hashCode; - int code = 0; + if( hasHashCode ) return hashCode; + int code = 0; - if( caseSensitive ) - code=hash(); - else - code=hashIgnoreCase(); - hashCode=code; - hasHashCode=true; - return code; + code=hash(); + hashCode=code; + hasHashCode=true; + return code; } // normal hash. @@ -444,24 +429,6 @@ public final class MessageBytes implements Cloneable, Serializable { } } - // hash ignoring case - private int hashIgnoreCase() { - int code=0; - switch (type) { - case T_STR: - for (int i = 0; i < strValue.length(); i++) { - code = code * 37 + Ascii.toLower(strValue.charAt( i )); - } - return code; - case T_CHARS: - return charC.hashIgnoreCase(); - case T_BYTES: - return byteC.hashIgnoreCase(); - default: - return 0; - } - } - public int indexOf(char c) { return indexOf( c, 0); } diff --git a/webapps/docs/config/context.xml b/webapps/docs/config/context.xml index 7bbe2deb3..d2282121b 100644 --- a/webapps/docs/config/context.xml +++ b/webapps/docs/config/context.xml @@ -328,16 +328,6 @@ of the flag is true.

 - -

If the value of this flag is false, all case sensitivity - checks will be disabled. If not - specified, the default value of the flag is true.

-

NOTE: This flag MUST NOT be set to false on the Windows platform - (or any other OS which does not have a case sensitive filesystem), - as it will disable case sensitivity checks, allowing JSP source code - disclosure, among other security problems.

- -

Whether the context should process TLDs on startup. The default is true. The false setting is intended for special cases -- 2.11.0