0006217: 500 Servlet Exception when .; appears in URL *not* directly after a /

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0006217

[Resin]

minor

always

03-09-19 15:17

03-21-19 16:32

Reporter

stbu

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Status

closed

Product Version

4.0.61

Summary

0006217: 500 Servlet Exception when .; appears in URL *not* directly after a /

Description

When ".;" appears somewhere within the Context-Path of a web-app or a URL in general, but not directly after a "/" then a Servlet Exception is raised rather than a proper Response such as 400 Bad Request / The request contains an illegal URL.

If these ".;" are not allowed to appear within the URL then Resin should rather respond with a 400 than a 500.

500 Servlet Exception

[show] java.lang.IllegalArgumentException: /mywebapp/subfolder/index.;html is
an invalid URL.

java.lang.IllegalArgumentException: /mywebapp/subfolder/index.;html is
an invalid URL.
    at com.caucho.server.dispatch.ServletInvocation.stripPathParameters(ServletInvocation.java:355)
    at com.caucho.server.dispatch.ServletInvocation.setContextURI(ServletInvocation.java:104)
    at com.caucho.server.dispatch.Invocation.setURI(Invocation.java:175)
    at com.caucho.server.dispatch.InvocationDecoder.splitQueryAndUnescape(InvocationDecoder.java:255)
    at com.caucho.server.http.AbstractHttpRequest.buildInvocation(AbstractHttpRequest.java:1594)
    at com.caucho.server.http.AbstractHttpRequest.getInvocation(AbstractHttpRequest.java:1583)
    at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:825)
    at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1393)
    at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1349)
    at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1333)
    at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1241)
    at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:1037)
    at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117)
    at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93)
    at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:175)
    at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61)
    at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173)
    at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118)

Resin/4.0.61 Server: 'app-0'

Additional Information

Steps to reproduce:
Download fresh Resin-4.0.61
cd webapps
mkdir -p mywebapp/subfolder
touch mywebapp/subfolder/index.html

Example problematic Requests causing 500 Servlet Exception
http://localhost:8080/mywebapp/subfolder/index.;html [^]
http://localhost:8080/mywebapp/sub.;folder/index.html [^]
http://localhost:8080/mywebapp.;/subfolder/index.html [^]

Note:
If the ".;" appears directly after a / the result is fine with a 400 Bad Request response such as:
http://localhost:8080/mywebapp/.;subfolder/index.html [^]
http://localhost:8080/mywebapp/subfolder/.;index.html [^]

Attached Files

Relationships

Notes
(0006877) ferg 03-21-19 16:11	server/003y

Issue History
Date Modified	Username	Field	Change
03-09-19 15:17	stbu	New Issue
03-09-19 15:17	stbu	Issue Monitored: stbu
03-21-19 16:11	ferg	Note Added: 0006877
03-21-19 16:11	ferg	Assigned To	=> ferg
03-21-19 16:11	ferg	Status	new => assigned
03-21-19 16:11	ferg	Resolution	open => fixed
03-21-19 16:11	ferg	Fixed in Version	=> 4.0.62
03-21-19 16:32	ferg	Status	assigned => closed

Mantis 1.0.0rc3[^]

30 total queries executed.
26 unique queries executed.