0006217: 500 Servlet Exception when .; appears in URL *not* directly after a /

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0006217

[Resin]

minor

always

03-09-19 15:17

03-21-19 16:32

Reporter

stbu

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

4.0.62

Product Version

4.0.61

Product Build

Summary

0006217: 500 Servlet Exception when .; appears in URL *not* directly after a /

Description

When ".;" appears somewhere within the Context-Path of a web-app or a URL in general, but not directly after a "/" then a Servlet Exception is raised rather than a proper Response such as 400 Bad Request / The request contains an illegal URL.

If these ".;" are not allowed to appear within the URL then Resin should rather respond with a 400 than a 500.

500 Servlet Exception

[show] java.lang.IllegalArgumentException: /mywebapp/subfolder/index.;html is
an invalid URL.

java.lang.IllegalArgumentException: /mywebapp/subfolder/index.;html is
an invalid URL.
    at com.caucho.server.dispatch.ServletInvocation.stripPathParameters(ServletInvocation.java:355)
    at com.caucho.server.dispatch.ServletInvocation.setContextURI(ServletInvocation.java:104)
    at com.caucho.server.dispatch.Invocation.setURI(Invocation.java:175)
    at com.caucho.server.dispatch.InvocationDecoder.splitQueryAndUnescape(InvocationDecoder.java:255)
    at com.caucho.server.http.AbstractHttpRequest.buildInvocation(AbstractHttpRequest.java:1594)
    at com.caucho.server.http.AbstractHttpRequest.getInvocation(AbstractHttpRequest.java:1583)
    at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:825)
    at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1393)
    at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1349)
    at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1333)
    at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1241)
    at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:1037)
    at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117)
    at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93)
    at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:175)
    at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61)
    at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173)
    at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118)

Resin/4.0.61 Server: 'app-0'

Steps To Reproduce

Additional Information

Steps to reproduce:
Download fresh Resin-4.0.61
cd webapps
mkdir -p mywebapp/subfolder
touch mywebapp/subfolder/index.html

Example problematic Requests causing 500 Servlet Exception
http://localhost:8080/mywebapp/subfolder/index.;html [^]
http://localhost:8080/mywebapp/sub.;folder/index.html [^]
http://localhost:8080/mywebapp.;/subfolder/index.html [^]

Note:
If the ".;" appears directly after a / the result is fine with a 400 Bad Request response such as:
http://localhost:8080/mywebapp/.;subfolder/index.html [^]
http://localhost:8080/mywebapp/subfolder/.;index.html [^]

Attached Files

Relationships

Notes
(0006877) ferg 03-21-19 16:11	server/003y

Issue History
Date Modified	Username	Field	Change
03-09-19 15:17	stbu	New Issue
03-09-19 15:17	stbu	Issue Monitored: stbu
03-21-19 16:11	ferg	Note Added: 0006877
03-21-19 16:11	ferg	Assigned To	=> ferg
03-21-19 16:11	ferg	Status	new => assigned
03-21-19 16:11	ferg	Resolution	open => fixed
03-21-19 16:11	ferg	Fixed in Version	=> 4.0.62
03-21-19 16:32	ferg	Status	assigned => closed

Mantis 1.0.0rc3[^]

30 total queries executed.
26 unique queries executed.