410405 Avoid NPE for requestDispatcher(../)

Added extra tests for dotdot and encoded dotdot. Also protected against dotdot in absolute URIs
2013-06-11 14:44:26 +10:00 · 2013-06-11 14:44:26 +10:00 · 9b8a78392c
parent ed04753111
commit 9b8a78392c
2 changed files with 61 additions and 1 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java
@ -469,7 +469,7 @@ public abstract class AbstractHttpConnection  extends AbstractConnection
                    info=URIUtil.canonicalPath(path);
                    if (info==null && !_request.getMethod().equals(HttpMethods.CONNECT))
                    {
-                        if (_uri.getScheme()!=null && _uri.getHost()!=null)
+                        if (path==null && _uri.getScheme()!=null && _uri.getHost()!=null)
                        {
                            info="/";
                            _request.setRequestURI("");
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/HttpConnectionTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/HttpConnectionTest.java
@ -128,6 +128,66 @@ public class HttpConnectionTest
        checkContains(response,offset,"pathInfo=/");
    }
    
+    @Test
+    public void testBadNoPath() throws Exception
+    {
+        String response=connector.getResponses("GET http://localhost:80/../cheat HTTP/1.1\n"+
+                "Host: localhost:80\n"+
+                "\n");
+        int offset=0;
+        offset = checkContains(response,offset,"HTTP/1.1 400");
+    }
+
+    @Test
+    public void testOKPathDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET /ooops/../path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 200 OK");
+        checkContains(response,0,"pathInfo=/path");
+    }
+    
+    @Test
+    public void testBadPathDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET /ooops/../../path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 400 Bad Request");
+    }
+    
+    @Test
+    public void testOKPathEncodedDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET /ooops/%2e%2e/path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 200 OK");
+        checkContains(response,0,"pathInfo=/path");
+    }
+    
+    @Test
+    public void testBadPathEncodedDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET /ooops/%2e%2e/%2e%2e/path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 400 Bad Request");
+    }
+    
+    @Test
+    public void testBadDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET ../path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 400 Bad Request");
+    }
+    
+    @Test
+    public void testBadSlashDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET /../path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 400 Bad Request");
+    }
+
+    @Test
+    public void testEncodedBadDotDotPath() throws Exception
+    {
+        String response=connector.getResponses("GET %2e%2e/path HTTP/1.0\nHost: localhost:80\n\n");
+        checkContains(response,0,"HTTP/1.1 400 Bad Request");
+    }

    @Test
    public void testEmpty() throws Exception