417260 Protected targets matched as true URI path segments

2013-09-16 10:07:59 +10:00 · 2013-09-16 10:07:59 +10:00 · 9113767907
parent 0b80b9ba36
commit 9113767907
2 changed files with 21 additions and 5 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
@ -1169,16 +1169,30 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
        while (target.startsWith("//"))
            target=URIUtil.compactPath(target);

-        boolean isProtected = false;
-        int i=0;
-        while (!isProtected && i<_protectedTargets.length)
+        for (int i=0; i<_protectedTargets.length; i++)
        {
-            isProtected = StringUtil.startsWithIgnoreCase(target, _protectedTargets[i++]);
+            String t=_protectedTargets[i];
+            if (StringUtil.startsWithIgnoreCase(target,t))
+            {
+                if (target.length()==t.length())
+                    return true;
+                
+                // Check that the target prefix really is a path segment, thus
+                // it can end with /, a query, a target or a parameter
+                char c=target.charAt(t.length());
+                if (c=='/'||c=='?'||c=='#'||c==';')
+                    return true;
+            }
        }
-        return isProtected;
+        return false;
    }


+    /* ------------------------------------------------------------ */
+    /**
+     * @param targets Array of URL prefix. Each prefix is in the form /path and will match
+     * either /path exactly or /path/anything
+     */
    public void setProtectedTargets (String[] targets)
    {
        if (targets == null)
@ -1191,6 +1205,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
        System.arraycopy(targets, 0, _protectedTargets, 0, targets.length);
    }

+    /* ------------------------------------------------------------ */
    public String[] getProtectedTargets ()
    {
        if (_protectedTargets == null)
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerTest.java
@ -437,6 +437,7 @@ public class ContextHandlerTest
        assertTrue(handler.isProtectedTarget("/foo-inf/x/y/z"));
        assertFalse(handler.isProtectedTarget("/foo/x/y/z"));
        assertTrue(handler.isProtectedTarget("/foo-inf?x=y&z=1"));
+        assertFalse(handler.isProtectedTarget("/foo-inf-bar"));

        protectedTargets = new String[4];
        System.arraycopy(handler.getProtectedTargets(), 0, protectedTargets, 0, 2);