From 9b8a78392ca2fa3efaf72f59136526384075f21c Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Tue, 11 Jun 2013 14:44:26 +1000
Subject: [PATCH] 410405 Avoid NPE for requestDispatcher(../)

Added extra tests for dotdot and encoded dotdot. Also protected against dotdot in absolute URIs
---
 .../jetty/server/AbstractHttpConnection.java | 2 +-
 .../jetty/server/HttpConnectionTest.java | 60 +++++++++++++++++++
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java b/jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java
index 0cf91bf7d00..6d572f775a1 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java
@@ -469,7 +469,7 @@ public abstract class AbstractHttpConnection extends AbstractConnection
 info=URIUtil.canonicalPath(path);
 if (info==null && !_request.getMethod().equals(HttpMethods.CONNECT))
 {
- if (_uri.getScheme()!=null && _uri.getHost()!=null)
+ if (path==null && _uri.getScheme()!=null && _uri.getHost()!=null)
 {
 info="/";
 _request.setRequestURI("");
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/HttpConnectionTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/HttpConnectionTest.java
index f3393515d8f..2d7f9172148 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/HttpConnectionTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/HttpConnectionTest.java
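Review bot: The new `path==null` guard carries no comment saying why only a pathless absolute-form request-target is mapped to `/`, and that a path which `URIUtil.canonicalPath` rejected (one that climbs above the root) must now fall through to the rejection branch instead of being silently rewritten; a one-line comment would keep a later edit from widening the condition again, e.g. `// Only an absolute-form URI with no path (e.g. "http://host") maps to "/"; a path that failed canonicalisation is rejected below`. The rejection branch and the rest of the enclosing method lie outside the hunk, so that the fall-through yields a 400 can only be inferred here (the new testBadNoPath in the second file asserts it). If `_uri.getPath()` returns an empty string rather than null for a target such as `http://localhost:80`, that form would now be rejected as well; the existing test whose tail is the first context line of the test hunk presumably covers it, but it is worth confirming.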
@@ -128,6 +128,66 @@ public class HttpConnectionTest
 checkContains(response,offset,"pathInfo=/");
 }
 
+ @Test
+ public void testBadNoPath() throws Exception
+ {
+ String response=connector.getResponses("GET http://localhost:80/../cheat HTTP/1.1\n"+
+ "Host: localhost:80\n"+
+ "\n");
+ int offset=0;
+ offset = checkContains(response,offset,"HTTP/1.1 400");
+ }
+
+ @Test
+ public void testOKPathDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET /ooops/../path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 200 OK");
+ checkContains(response,0,"pathInfo=/path");
+ }
+
+ @Test
+ public void testBadPathDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET /ooops/../../path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 400 Bad Request");
+ }
+
+ @Test
+ public void testOKPathEncodedDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET /ooops/%2e%2e/path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 200 OK");
+ checkContains(response,0,"pathInfo=/path");
+ }
+
+ @Test
+ public void testBadPathEncodedDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET /ooops/%2e%2e/%2e%2e/path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 400 Bad Request");
+ }
+
+ @Test
+ public void testBadDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET ../path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 400 Bad Request");
+ }
+
+ @Test
+ public void testBadSlashDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET /../path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 400 Bad Request");
+ }
+
+ @Test
+ public void testEncodedBadDotDotPath() throws Exception
+ {
+ String response=connector.getResponses("GET %2e%2e/path HTTP/1.0\nHost: localhost:80\n\n");
+ checkContains(response,0,"HTTP/1.1 400 Bad Request");
+ }
 
 @Test
 public void testEmpty() throws Exception
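Review bot: `testBadNoPath` stores the result of `checkContains` in `offset` and never reads it, and its status assertion (`"HTTP/1.1 400"`) is looser than the `"HTTP/1.1 400 Bad Request"` the six sibling tests use; `checkContains(response,0,"HTTP/1.1 400 Bad Request");` with the `int offset=0;` line dropped would bring it in line. The rejection tests assert only the status line, so they would not notice if the handler still ran before the 400 was written; additionally asserting that `pathInfo=` does not appear in those responses would pin that down, though whether the class already has a negative-match helper is not visible in this hunk.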