Sophie: tomcat5-0:5.5.31-14.mga3 src

tomcat5-5.5.31-14.mga3.src.rpm

--- connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java	2011/08/16 12:49:29	1158243
+++ connectors/http11/src/java/org/apache/coyote/http11/Http11AprProcessor.java	2011/08/16 12:50:33	1158244
@@ -907,7 +907,18 @@
                 sendfileData.socket = socket;
                 sendfileData.keepAlive = keepAlive;
                 if (!endpoint.getSendfile().add(sendfileData)) {
-                    openSocket = true;
+                    if (sendfileData.socket == 0) {
+                        // Didn't send all the data but the socket is no longer
+                        // set. Something went wrong. Close the connection.
+                        // Too late to set status code.
+                        if (log.isDebugEnabled()) {
+                            log.debug(sm.getString(
+                                    "http11processor.sendfile.error"));
+                        }
+                        openSocket = false;
+                    } else {
+                        openSocket = true;
+                    }
                     break;
                 }
             }

--- connectors/http11/src/java/org/apache/coyote/http11/LocalStrings.properties	2011/08/16 12:49:29	1158243
+++ connectors/http11/src/java/org/apache/coyote/http11/LocalStrings.properties	2011/08/16 12:50:33	1158244
@@ -56,6 +56,7 @@
 http11processor.socket.info=Exception getting socket information
 http11processor.socket.ssl=Exception getting SSL attributes
 http11processor.socket.timeout=Error setting socket timeout
+http11processor.sendfile.error=Error sending data using sendfile. May be caused by invalid request attributes for start/end points
 
 #
 # InternalInputBuffer

--- connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java	2011/08/16 12:49:29	1158243
+++ connectors/util/java/org/apache/tomcat/util/net/AprEndpoint.java	2011/08/16 12:50:33	1158244
@@ -1429,7 +1429,9 @@
                                                data.pos, data.end - data.pos, 0);
                     if (nw < 0) {
                         if (!(-nw == Status.EAGAIN)) {
-                            Socket.destroy(data.socket);
+                            Pool.destroy(data.fdpool);
+                            // No need to close socket, this will be done by
+                            // calling code since data.socket == 0
                             data.socket = 0;
                             return false;
                         } else {

--- container/catalina/src/share/org/apache/catalina/connector/Request.java	2011/08/16 12:49:29	1158243
+++ container/catalina/src/share/org/apache/catalina/connector/Request.java	2011/08/16 12:50:33	1158244
@@ -19,6 +19,7 @@
 package org.apache.catalina.connector;
 
 
+import java.io.File;
 import java.io.InputStream;
 import java.io.IOException;
 import java.io.BufferedReader;
@@ -1374,6 +1375,27 @@
             return;
         }
 
+        if (System.getSecurityManager() != null &&
+                name.equals("org.apache.tomcat.sendfile.filename")) {
+            // Use the canonical file name to avoid any possible symlink and
+            // relative path issues
+            String canonicalPath;
+            try {
+                canonicalPath = new File(value.toString()).getCanonicalPath();
+            } catch (IOException e) {
+                SecurityException se = new SecurityException(sm.getString(
+                        "coyoteRequest.sendfileNotCanonical", value));
+                se.initCause(e);
+                throw se;
+            }
+            // Sendfile is performed in Tomcat's security context so need to
+            // check if the web app is permitted to access the file while still
+            // in the web app's security context
+            System.getSecurityManager().checkRead(canonicalPath);
+            // Update the value so the canonical path is used
+            value = canonicalPath;
+        }
+
         Object oldValue = null;
         boolean replaced = false;
 
--- container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java	2011/08/16 12:49:29	1158243
+++ container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java	2011/08/16 12:50:33	1158244
@@ -1639,7 +1639,6 @@
                 request.setAttribute("org.apache.tomcat.sendfile.start", new Long(range.start));
                 request.setAttribute("org.apache.tomcat.sendfile.end", new Long(range.end + 1));
             }
-            request.setAttribute("org.apache.tomcat.sendfile.token", this);
             return true;
         } else {
             return false;
--- container/catalina/src/share/org/apache/catalina/connector/LocalStrings.properties	2010-09-04 21:54:44.000000000 +0200
+++ container/catalina/src/share/org/apache/catalina/connector/LocalStrings.properties	2011-12-08 08:42:35.733512416 +0100
@@ -59,6 +59,7 @@
 coyoteRequest.parseParameters=Exception thrown whilst processing POSTed parameters
 coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
 coyoteRequest.chunkedPostTooLarge=Parameters were not parsed because the size of the posted data was too big. Because this request was a chunked request, it could not be processed further. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
+coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified for use with sendfile
 
 requestFacade.nullRequest=Null request object
 responseFacade.nullResponse=Null response object