You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by la...@apache.org on 2002/01/09 07:29:07 UTC

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util JavaGeneratorTool.java

larryi      02/01/08 22:29:07

  Modified:    src/share/org/apache/tomcat/util JavaGeneratorTool.java
  Log:
  Try to avoid denial of service attack where a JSP page uses a name
  matching a Windows DOS device name, such as aux.jsp. Otherwise,
  attempting to read the device may hang the thread servicing the request.
  
  Revision  Changes    Path
  1.6       +5 -1      jakarta-tomcat/src/share/org/apache/tomcat/util/JavaGeneratorTool.java
  
  Index: JavaGeneratorTool.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/JavaGeneratorTool.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- JavaGeneratorTool.java	19 Dec 2001 02:39:39 -0000	1.5
  +++ JavaGeneratorTool.java	9 Jan 2002 06:29:07 -0000	1.6
  @@ -153,7 +153,11 @@
   	int version=0;
   	try {
   	    FileInputStream fis=new FileInputStream( mapFile );
  -	    version=(int)fis.read();
  +            // The following helps avoid blocking on Windows DOS devices
  +            // if someone tries to access something like aux.jsp.
  +            if( fis.available() > 0 ) {
  +                version=(int)fis.read();
  +            }
   	    fis.close();
   	} catch( Exception ex ) {
   	    System.out.println("readVersion() mapPath=" + mapFile + ex);
  
  
  

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>