Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1886

Request dispatcher is returned when the path points to outside the servlet context

    XMLWordPrintable

Details

    Description

      In Undertow, when the class io.undertow.util.CanonicalPathUtils is used to canonicalize a given path URI, it may ignore some two-dot segments (../) when the calculated path goes beyond/outside the servlet context.

      The javadoc of getRequestDipatcher says:

      The pathname specified may be relative, although it cannot extend outside the current servlet context. If the path begins with a "/" it is interpreted as relative to the current context root. This method returns null if the servlet container cannot return a RequestDispatcher.

      So a path like /../../../something is currently returning the dispatcher to /something which is against the spec or at least very weird. Returning null is much more aligned with the spec and with the reference implementation.

      There will be a way (system property) of setting back the previous behavior just in case.

      Attachments

        Issue Links

          causes

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-21589 [GSS](7.3.z) UNDERTOW-1886 - Undertow ignores two-dot segments in relative path URI when its canonicalized path is outside servlet context

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-21749 [GSS](7.4.z) UNDERTOW-1886 - Undertow ignores two-dot segments in relative path URI when its canonicalized path is outside servlet context

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-23475 Error processing request when path contains "/../../"

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFCORE-5425 Upgrade Undertow from 2.2.6.Final to 2.2.8.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-rmartinc Ricardo Martin Camarero
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: