You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/05/17 16:07:12 UTC
[tomcat] branch 8.5.x updated: Ensure that the entire global XSLT
file is read if one is defined.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 58e53d7 Ensure that the entire global XSLT file is read if one is defined.
58e53d7 is described below
commit 58e53d732a97c8b7ab04c9b5162eed65933bbcf0
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri May 17 17:03:56 2019 +0100
Ensure that the entire global XSLT file is read if one is defined.
Identified by Coverity Scan.
---
.../org/apache/catalina/servlets/DefaultServlet.java | 16 +++++++++++-----
java/org/apache/catalina/util/IOTools.java | 20 ++++++++++++++++++++
webapps/docs/changelog.xml | 4 ++++
3 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
index 5920470..9aa9950 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -72,6 +72,7 @@ import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.connector.ResponseFacade;
+import org.apache.catalina.util.IOTools;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.URLEncoder;
import org.apache.catalina.webresources.CachedResource;
@@ -1990,11 +1991,16 @@ public class DefaultServlet extends HttpServlet {
*/
if (globalXsltFile != null) {
File f = validateGlobalXsltFile();
- if (f != null){
- try (FileInputStream fis = new FileInputStream(f)){
- byte b[] = new byte[(int)f.length()]; /* danger! */
- fis.read(b);
- return new StreamSource(new ByteArrayInputStream(b));
+ if (f != null) {
+ long globalXsltFileSize = f.length();
+ if (globalXsltFileSize > Integer.MAX_VALUE) {
+ log("globalXsltFile [" + f.getAbsolutePath() + "] is too big to buffer");
+ } else {
+ try (FileInputStream fis = new FileInputStream(f)){
+ byte b[] = new byte[(int)f.length()];
+ IOTools.readFully(fis, b);
+ return new StreamSource(new ByteArrayInputStream(b));
+ }
}
}
}
diff --git a/java/org/apache/catalina/util/IOTools.java b/java/org/apache/catalina/util/IOTools.java
index 83852c2..22ba06f 100644
--- a/java/org/apache/catalina/util/IOTools.java
+++ b/java/org/apache/catalina/util/IOTools.java
@@ -87,4 +87,24 @@ public class IOTools {
}
}
}
+
+
+ /**
+ * Read until EOF or the buffer is filled.
+ *
+ * @param is The source to read from
+ * @param buf The buffer to write to
+ *
+ * @return The number of bytes read
+ *
+ * @throws IOException If an I/O error occurs during the read
+ */
+ public static int readFully(InputStream is, byte[] buf) throws IOException {
+ int bytesRead = 0;
+ int read;
+ while (bytesRead < buf.length && ((read = is.read(buf, bytesRead, buf.length - bytesRead)) >= 0)) {
+ bytesRead += read;
+ }
+ return bytesRead;
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5338c5a..4041c50 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -50,6 +50,10 @@
<add>
<bug>57287</bug>: Add file sorting to DefaultServlet (schultz)
</add>
+ <fix>
+ Ensure that the default servlet reads the entire global XSLT file if
+ one is defined. Identified by Coverity Scan. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org