group.of.nepali.translators team mailing list archive

[Bug 1606331] Re: StringIndexOutOfBoundsException - Tomcat8.0.32

 

This bug was fixed in the package tomcat8 - 8.0.32-1ubuntu1.9

---------------
tomcat8 (8.0.32-1ubuntu1.9) xenial; urgency=medium

  * d/p/fix-class-resource-name-filtering.patch: Fix class and resource name
    filtering in WebappClassLoader (LP: #1606331).

 -- Karl Stenerud <karl.stenerud@xxxxxxxxxxxxx>  Mon, 10 Dec 2018 15:08:07 +0100

** Changed in: tomcat8 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1606331

Title:
  StringIndexOutOfBoundsException - Tomcat8.0.32

Status in Tomcat7:
  Fix Released
Status in tomcat8 package in Ubuntu:
  Fix Released
Status in tomcat8 source package in Xenial:
  Fix Released
Status in tomcat8 source package in Yakkety:
  Fix Released

Bug description:
  [Impact]

   * There was a software bug in the 8.0.32 release of tomcat8,
  subsequently fixed in 8.0.33, with accessing past the end of a string.

  [Test Case]

  # lxc launch ubuntu:xenial tester && lxc exec tester bash
  # apt update && apt dist-upgrade -y && apt install -y tomcat8 && mkdir -p /var/lib/tomcat8/webapps/test && echo '<%@ page contentType="text/html;charset=UTF-8" language="java" %>
  <html>
  <head>
      <title>$Title$</title>
  </head>
  <body>
  <%
      Class.forName("org");
  %>
  </body>
  </html>
  ' >/var/lib/tomcat8/webapps/test/test.jsp
  # service tomcat8 restart
  # curl localhost:8080/test/test.jsp
  ...
   An exception occurred processing JSP page /test.jsp at line 8
  5: &lt;/head&gt;
  6: &lt;body&gt;
  7: &lt;%
  8:     Class.forName(&quot;org&quot;);
  9: %&gt;
  10: &lt;/body&gt;
  11: &lt;/html&gt;
  ...
  </pre><p><b>root cause</b></p><pre>java.lang.StringIndexOutOfBoundsException: String index out of range: 3
  ...

  [Regression Potential]

  If the lengths are wrong in the patch, then this will filter out more
  than just the top level identifiers. Although tbh the chances of
  someone actually putting a partial identifier not the top level id are
  pretty low.

  [Original Description]

  ---

  Tomcat 8.0.32 has a known and corrected bug

  https://bz.apache.org/bugzilla/show_bug.cgi?id=58999

  which in some cases prevents a webapp from executing. I have
  encountered this error.  The fix will be to place a later version of
  Tomcat8 into the Ubuntu 16.04 repository.

  I encountered this error using:

  ----------------------------

  OpenVPMS 1.8.1 (veterinary practice management webapp)
  MySQL 5.7.13
  Open-jdk 1.8.0_91
  Tomcat 8.0.32
  mysql-connector-java-5.1.39

  ----------------------------

  The webapp in this case (OpenVPMS) runs under tomcat7 but not under
  this specific version of Tomcat (8.0.32).  Instead, tomcat throws a
  404-/openvpms error.  The relevant portion of the tomcat log is:

  Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: 3
   at java.lang.String.charAt(String.java:658)
   at org.apache.catalina.loader.WebappClassLoaderBase.filter(WebappClassLoaderBase.java:2780)
   at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1253)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:348)

  Thank you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/tomcat7/+bug/1606331/+subscriptions
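
The failure mode shown in the stack trace above (String.charAt called from filter() for the name "org"), as an added Java example that is not part of the original message and is not Tomcat's source. The protected package org.apache.catalina, the class name, and both method names are assumptions chosen for illustration; the sample names are constructed.

```java
// Added illustration only; NOT the code from WebappClassLoaderBase.
public class PrefixFilterDemo {

    // Fragile form: after matching the top-level identifier "org", it reads
    // the next character without checking that the name is long enough.
    static boolean filterUnchecked(String name) {
        if (name.startsWith("org")) {
            char ch = name.charAt(3); // throws when name is exactly "org"
            // Hypothetical protected package, matched from offset 4 onward.
            return ch == '.' && name.startsWith("apache.catalina.", 4);
        }
        return false;
    }

    // Guarded form: a bare "org" cannot name a protected class, so it is
    // passed through (not filtered) instead of being indexed past its end.
    static boolean filterChecked(String name) {
        if (name == null || !name.startsWith("org") || name.length() == 3) {
            return false;
        }
        // The length guard must equal the prefix length (3); a wrong length
        // here is the regression risk the bug description mentions.
        return name.charAt(3) == '.' && name.startsWith("apache.catalina.", 4);
    }

    public static void main(String[] args) {
        // Constructed sample names: the bare prefix from the test case, a name
        // in the protected package, a look-alike prefix, and an unrelated one.
        String[] names = {
            "org", "org.apache.catalina.Foo", "organic.Widget", "com.example.App"
        };
        for (String n : names) {
            String unchecked;
            try {
                unchecked = String.valueOf(filterUnchecked(n));
            } catch (StringIndexOutOfBoundsException e) {
                unchecked = "StringIndexOutOfBoundsException";
            }
            System.out.printf("%-26s unchecked=%-32s checked=%b%n",
                    n, unchecked, filterChecked(n));
        }
    }
}
```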