You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by la...@apache.org on 2001/09/15 03:31:32 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/buf DateTool.java
larryi 01/09/14 18:31:32
Modified: src/share/org/apache/tomcat/util/buf DateTool.java
Log:
Minimize vulnerability from SimpleDateFormat's non-thread safety.
Submitted by: Bill Barker <wb...@wilshire.com>
Revision Changes Path
1.7 +22 -22 jakarta-tomcat/src/share/org/apache/tomcat/util/buf/DateTool.java
Index: DateTool.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/buf/DateTool.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- DateTool.java 2001/08/24 08:02:35 1.6
+++ DateTool.java 2001/09/15 01:31:32 1.7
@@ -88,15 +88,15 @@
/** format for RFC 1123 date string -- "Sun, 06 Nov 1994 08:49:37 GMT"
*/
- private final static String RFC1123_PATTERN =
+ public final static String RFC1123_PATTERN =
"EEE, dd MMM yyyy HH:mm:ss z";
// format for RFC 1036 date string -- "Sunday, 06-Nov-94 08:49:37 GMT"
- private final static String rfc1036Pattern =
+ public final static String rfc1036Pattern =
"EEEEEEEEE, dd-MMM-yy HH:mm:ss z";
// format for C asctime() date string -- "Sun Nov 6 08:49:37 1994"
- private final static String asctimePattern =
+ public final static String asctimePattern =
"EEE MMM d HH:mm:ss yyyy";
/** Pattern used for old cookies
@@ -157,13 +157,19 @@
public static void formatOldCookie( Date d, StringBuffer sb,
FieldPosition fp )
{
- oldCookieFormat.format( d, sb, fp );
+ synchronized(oldCookieFormat) {
+ oldCookieFormat.format( d, sb, fp );
+ }
}
// Called from ServerCookie
public static String formatOldCookie( Date d )
{
- return oldCookieFormat.format( d );
+ String ocf=null;
+ synchronized(oldCookieFormat) {
+ ocf= oldCookieFormat.format( d );
+ }
+ return ocf;
}
@@ -171,24 +177,18 @@
Not efficient - but not very used.
*/
public static long parseDate( String dateString ) {
+ DateFormat [] format = {rfc1123Format,rfc1036Format,asctimeFormat};
+ return parseDate(dateString,format);
+ }
+ public static long parseDate( String dateString, DateFormat []format ) {
Date date=null;
- try {
- date = DateTool.rfc1123Format.parse(dateString);
- return date.getTime();
- } catch (ParseException e) { }
- catch (StringIndexOutOfBoundsException e) { }
-
- try {
- date = DateTool.rfc1036Format.parse(dateString);
- return date.getTime();
- } catch (ParseException e) { }
- catch (StringIndexOutOfBoundsException e) { }
-
- try {
- date = DateTool.asctimeFormat.parse(dateString);
- return date.getTime();
- } catch (ParseException pe) { }
- catch (StringIndexOutOfBoundsException e) { }
+ for(int i=0; i < format.length; i++) {
+ try {
+ date = format[i].parse(dateString);
+ return date.getTime();
+ } catch (ParseException e) { }
+ catch (StringIndexOutOfBoundsException e) { }
+ }
String msg = sm.getString("httpDate.pe", dateString);
throw new IllegalArgumentException(msg);
}