Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/09/18 07:46:33 UTC

[Bug 56991] New: Request attribute org.apache.catalina.jsp_file needs to be nulled out after single use

https://issues.apache.org/bugzilla/show_bug.cgi?id=56991

            Bug ID: 56991
           Summary: Request attribute org.apache.catalina.jsp_file needs
                    to be nulled out after single use
           Product: Tomcat 8
           Version: 8.0.12
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
          Assignee: dev@tomcat.apache.org
          Reporter: janb@mortbay.com

See JspServlet lines 302-304:

   // JSP specified via <jsp-file> in <servlet> declaration and supplied through
   // custom servlet container code
   jspUri = (String) request.getAttribute(Constants.JSP_FILE);


The comment here implies that the container uses this method to identify a
servlet that is declared with a jsp-file attribute. However, Tomcat actually
uses the init-param "jspFile" on a copy of the JspServlet with the name of the
target jsp instead.

If a container sets this attribute as per the comment, it can cause stack
overflow when jsp including is used:

 a.jsp is defined in a jsp-file on a servlet in web.xml
 a.jsp includes b.jsp

When a.jsp is serviced it does an include dispatch to b.jsp. When the
JspServlet is called for b.jsp, it sees that the request attribute with a.jsp
is set, so processes it again ... which does an include dispatch for b.jsp ...
which causes a.jsp to be processed again .... and then rinse and repeat.

Note that Glassfish nulls out this attribute after it has been detected:

        if (jspFile != null) {
            // JSP is specified via <jsp-file> in <servlet> declaration
            jspUri = jspFile;
            request.removeAttribute(Constants.JSP_FILE);
        } else {

Jan

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
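
The include loop described in the report above, as an added example that is not part of the original mail and is not Tomcat or Glassfish code. It models request attributes as a plain map; the class name, `MAX_DEPTH`, `INCLUDES` and the `/servlet-a` path are assumptions made for illustration, and a depth limit stands in for the real stack overflow.

```java
import java.util.*;

// Constructed model of the dispatch loop; not Tomcat or Glassfish code.
public class JspFileAttributeDemo {
    static final String JSP_FILE = "org.apache.catalina.jsp_file";
    static final int MAX_DEPTH = 50; // hypothetical stand-in for the stack limit

    // Constructed include graph: a.jsp includes b.jsp, b.jsp includes nothing.
    static final Map<String, List<String>> INCLUDES =
            Map.of("/a.jsp", List.of("/b.jsp"), "/b.jsp", List.of());

    // Simplified service(): the attribute wins over the dispatched path.
    static int service(Map<String, Object> request, String path,
                       boolean removeAfterUse, int depth) {
        if (depth > MAX_DEPTH) {
            throw new IllegalStateException("runaway include recursion");
        }
        String jspUri = (String) request.get(JSP_FILE);
        if (jspUri != null) {
            if (removeAfterUse) {
                request.remove(JSP_FILE); // single use, as in the Glassfish snippet
            }
        } else {
            jspUri = path;
        }
        int deepest = depth;
        for (String included : INCLUDES.get(jspUri)) {
            // An include dispatch sees the same request attributes.
            deepest = Math.max(deepest, service(request, included, removeAfterUse, depth + 1));
        }
        return deepest;
    }

    // Models a container that sets the attribute for a <jsp-file> servlet.
    static String run(boolean removeAfterUse) {
        Map<String, Object> request = new HashMap<>();
        request.put(JSP_FILE, "/a.jsp");
        try {
            return "completed, include depth " + service(request, "/servlet-a", removeAfterUse, 0);
        } catch (IllegalStateException e) {
            return "aborted: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("attribute left set : " + run(false));
        System.out.println("attribute removed  : " + run(true));
    }
}
```

With the attribute left in place every include resolves back to a.jsp until the depth guard trips; removing it on first read lets the include of b.jsp resolve from the dispatched path.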


[Bug 56991] Request attribute org.apache.catalina.jsp_file needs to be nulled out after single use

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56991

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
A little svn archeology discovered r1003589 where the use of this attribute was
removed.

I'll apply the suggested fix and deprecate this attribute so it can be removed
in 9.0.x.



[Bug 56991] Request attribute org.apache.catalina.jsp_file needs to be nulled out after single use

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56991

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
This has been fixed in 8.0.x and 8.0.13 onwards and in 7.0.x for 7.0.56
onwards.
