Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/01/17 21:28:59 UTC

[Bug 57455] New: Bootstrap doesn't handle paths with one quote

https://issues.apache.org/bugzilla/show_bug.cgi?id=57455

            Bug ID: 57455
           Summary: Bootstrap doesn't handle paths with one quote
           Product: Tomcat 9
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: tobias@stoeckmann.org

Created attachment 32374
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=32374&action=edit
Fix with tests

During bootstrap, repositories for class loaders are scanned from
configuration. The syntax allows quoting paths and/or simply joining them with
commas.

If the path starts with a quote ("), Bootstrap#getPaths assumes that it must
have hit the first regular expression match and implies that it will end with a
quote, too.

This is not correct: "a, for example, would be allowed due to the second
regular expression rule. Bootstrap#getPaths would swallow the last character
(a) and proceed.

The fix is simple: Before removing the quotes, make sure that the string
actually ends with a quote.

Please see attached diff for latest trunk version of Tomcat 9, which also
covers the issue with a new test case.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
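
The parsing problem described in this report, as an added Java example that is not Tomcat's code or the attached patch. The pattern `PATH`, the class and method names and the sample value are assumptions made for illustration; `stripChecked` combines the trailing-quote check proposed here with the reject-with-an-error approach raised in the comments.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class QuotedPathDemo {
    // Assumed pattern modelled on the two rules the report describes:
    // (1) a quoted run, or (2) a run of non-comma characters.
    static final Pattern PATH = Pattern.compile("(\"[^\"]*\")|([^,]+)");

    // Behaviour as reported: a leading quote is taken to imply a trailing one,
    // so the last character is dropped even when it is not a quote.
    static String stripNaive(String p) {
        return (p.startsWith("\"") && p.length() > 1) ? p.substring(1, p.length() - 1) : p;
    }

    // Strip only a balanced pair of quotes, then refuse any quote that remains
    // instead of silently producing a different path.
    static String stripChecked(String p) {
        if (p.length() > 1 && p.startsWith("\"") && p.endsWith("\"")) {
            p = p.substring(1, p.length() - 1);
        }
        if (p.indexOf('"') >= 0) {
            throw new IllegalArgumentException("quote not allowed inside path: [" + p + "]");
        }
        return p;
    }

    // Split a comma-separated, optionally quoted list and apply one strip rule.
    static List<String> split(String value, UnaryOperator<String> strip) {
        List<String> out = new ArrayList<>();
        Matcher m = PATH.matcher(value);
        while (m.find()) {
            String p = m.group().trim();
            if (!p.isEmpty()) out.add(strip.apply(p));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a quoted path with a comma, a plain path,
        // and a path with an opening quote but no closing one.
        String value = "\"/opt/a,b/lib\",/opt/c,\"/opt/d";
        System.out.println("naive:   " + split(value, QuotedPathDemo::stripNaive));
        try {
            System.out.println("checked: " + split(value, QuotedPathDemo::stripChecked));
        } catch (IllegalArgumentException e) {
            System.out.println("checked: rejected, " + e.getMessage());
        }
    }
}
```

With the naive rule the third entry loses its final character and resolves to a different directory than the one configured; the checked rule stops with an error that names the offending entry.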


[Bug 57455] Bootstrap doesn't handle paths with one quote

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57455

--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Mark Thomas from comment #1)
> I'm leaning towards 'fixing' this by adding a comment that paths with '"'
> are not permitted to catalina.properties.

+1 with an actual check for the condition and an error message, rather than
odd-looking behavior, and another bug being filed down the road.



[Bug 57455] Bootstrap doesn't handle paths with one quote

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57455

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Fixed in trunk and 8.0.x and will be included in 8.0.18 onwards.



[Bug 57455] Bootstrap doesn't handle paths with one quote

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57455

Tobias Stoeckmann <to...@stoeckmann.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Catalina                    |Catalina
            Version|unspecified                 |trunk
            Product|Tomcat 9                    |Tomcat 8
   Target Milestone|-----                       |----



[Bug 57455] Bootstrap doesn't handle paths with one quote

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57455

--- Comment #2 from Tobias Stoeckmann <to...@stoeckmann.org> ---
Totally fine with that approach!



[Bug 57455] Bootstrap doesn't handle paths with one quote

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57455

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the patch. I can confirm that it fixes the issues described. But...

This has the potential to get messy. Neither " nor , is permitted in a file
name in Windows but both are acceptable in unix and friends.

We started off simply using ',' (comma) as a delimiter. This assumed ',' never
appeared in the value. Then we had a bug report that paths containing ',' broke
things. To fix this we added optional quoting using '"'. This allowed ',' to
appear in the value if the value was quoted. This assumed '"' never appeared in
a value. Now we have this bug.

I am concerned that the proposed solution is a sticking plaster rather than a
complete fix and that in a few months' time we'll have someone raising a bug
about a different edge case (I can already see several valid file names that
will break this).

Unless we switch to using an escape character of some form, we are always going
to have these issues. And I'm not at all sure that escaping will be possible
since the values being parsed are obtained - in the default case - via
unescaped environment variables.

I'm leaning towards 'fixing' this by adding a comment that paths with '"' are
not permitted to catalina.properties.
