You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/01/21 11:08:15 UTC
svn commit: r1653471 - in /tomcat/trunk: conf/catalina.properties java/org/apache/catalina/startup/Bootstrap.java test/org/apache/catalina/startup/TestBootstrap.java

Author: markt
Date: Wed Jan 21 10:08:15 2015
New Revision: 1653471

URL: http://svn.apache.org/r1653471
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57455
Add a note that " may not appear in a path value and throw an IAE if once does.

Modified:
    tomcat/trunk/conf/catalina.properties
    tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java
    tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java

Modified: tomcat/trunk/conf/catalina.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.properties?rev=1653471&r1=1653470&r2=1653471&view=diff
==============================================================================
--- tomcat/trunk/conf/catalina.properties (original)
+++ tomcat/trunk/conf/catalina.properties Wed Jan 21 10:08:15 2015
@@ -48,6 +48,8 @@ org.apache.jasper.,org.apache.naming.,or
 #
 # Note: Values are enclosed in double quotes ("...") in case either the
 #       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
 common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar"
 
 #
@@ -61,6 +63,11 @@ common.loader="${catalina.base}/lib","${
 #     "foo/*.jar": Add all the JARs of the specified folder as class
 #                  repositories
 #     "foo/bar.jar": Add bar.jar as a class repository
+#
+# Note: Values may be enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
 server.loader=
 
 #
@@ -75,6 +82,11 @@ server.loader=
 #     "foo/bar.jar": Add bar.jar as a class repository
 # Please note that for single jars, e.g. bar.jar, you need the URL form
 # starting with file:.
+#
+# Note: Values may be enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
 shared.loader=
 
 # Default list of JAR files that should not be scanned using the JarScanner

Modified: tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java?rev=1653471&r1=1653470&r2=1653471&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/Bootstrap.java Wed Jan 21 10:08:15 2015
@@ -568,14 +568,28 @@ public final class Bootstrap {
             String path = value.substring(matcher.start(), matcher.end());
 
             path = path.trim();
+            if (path.length() == 0) {
+                continue;
+            }
+
+            char first = path.charAt(0);
+            char last = path.charAt(path.length() - 1);
 
-            if (path.startsWith("\"") && path.length() > 1) {
+            if (first == '"' && last == '"' && path.length() > 1) {
                 path = path.substring(1, path.length() - 1);
                 path = path.trim();
-            }
-
-            if (path.length() == 0) {
-                continue;
+                if (path.length() == 0) {
+                    continue;
+                }
+            } else if (path.contains("\"")) {
+                // Unbalanced quotes
+                // Too early to use standard i18n support. The class path hasn't
+                // been configured.
+                throw new IllegalArgumentException(
+                        "The double quote [\"] character only be used to quote paths. It must " +
+                        "not appear in a path. This loader path is not valid: [" + value + "]");
+            } else {
+                // Not quoted - NO-OP
             }
 
             result.add(path);

Modified: tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java?rev=1653471&r1=1653470&r2=1653471&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java (original)
+++ tomcat/trunk/test/org/apache/catalina/startup/TestBootstrap.java Wed Jan 21 10:08:15 2015
@@ -113,6 +113,66 @@ public class TestBootstrap {
         doTest("aaa,\"bbb,\"", "aaa", "bbb,");
     }
 
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes01() {
+        doTest("\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes02() {
+        doTest("\"aaa", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes03() {
+        doTest("aaa\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes04() {
+        doTest("a\"a", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes05() {
+        doTest("b,\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes06() {
+        doTest("b,\"aaa", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes07() {
+        doTest("b,aaa\"", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes08() {
+        doTest("b,a\"a", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes09() {
+        doTest("\",b", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes10() {
+        doTest("\"aaa,b", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes11() {
+        doTest("aaa\",b", "ignored");
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testUnbalancedQuotes12() {
+        doTest("a\"a,b", "ignored");
+    }
+
     private void doTest(String input, String... expected) {
         String[] result = Bootstrap.getPaths(input);
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org