Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.1.CR1, 7.4.1.GA
Affects Version/s: 7.3.6.GA
Component/s: Undertow
Labels:
- test_included

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Release Note Text:
Undefined
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/undertow-io/undertow/pull/1117
Steps to Reproduce:
Hide

Install a EAP 7.3.6 and then deploy IssueTest.war

From a browser visit http://localhost:8080/IssueTest/jsp/forward-1.jsp

The above jsp tries to forward request to web.xml file using below code with relative path "../../../../WEB-INF/web.xml"

request.getRequestDispatcher("../../../../WEB-INF/web.xml").forward(request, response);

Expected result: The calculated path goes outside/beyond the context root /IssueTest and a null should be returned by method getRequestDispatcher() , with proper error/warning message.

Actual result: the content of web.xml file is returned to browser and there is no error.
Show
Install a EAP 7.3.6 and then deploy IssueTest.war From a browser visit http://localhost:8080/IssueTest/jsp/forward-1.jsp The above jsp tries to forward request to web.xml file using below code with relative path "../../../../WEB-INF/web.xml" request.getRequestDispatcher( "../../../../WEB-INF/web.xml" ).forward(request, response); Expected result: The calculated path goes outside/beyond the context root /IssueTest and a null should be returned by method getRequestDispatcher() , with proper error/warning message. Actual result: the content of web.xml file is returned to browser and there is no error.
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In Undertow, when the class "io.undertow.util.CanonicalPathUtils" is used to canonicalize a given path URI, it may ignore some two-dot segments (../) when the calculated path goes beyond/outside the servlet context.

Reference: ~~JBEAP-21543~~

The javadoc of getRequestDipatcher says:

The pathname specified may be relative, although it cannot extend outside the current servlet context. If the path begins with a "/" it is interpreted as relative to the current context root. This method returns null if the servlet container cannot return a RequestDispatcher.

So a path like /../../../something is currently returning the dispatcher to /something which is against the spec or at least very weird. Returning null is much more aligned with the spec and with the reference implementation.

There will be a way (system property) of setting back the previous behavior just in case.

is caused by

UNDERTOW-1886 Request dispatcher is returned when the path points to outside the servlet context

Resolved

is cloned by

JBEAP-21589 [GSS](7.3.z) UNDERTOW-1886 - Undertow ignores two-dot segments in relative path URI when its canonicalized path is outside servlet context

Closed

is incorporated by

JBEAP-21270 [GSS] (7.4.z) Upgrade undertow from 2.2.5.Final-redhat-00001 to 2.2.9.Final-redhat-00001

Closed

Assignee:: Ricardo Martin Camarero

Reporter:: Ricardo Martin Camarero

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021/04/27 3:02 PM

Updated:: 2024/08/27 1:48 PM

Resolved:: 2021/07/09 10:23 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates