diff options
| author | Greg Wilkins | 2015-11-06 02:54:47 +0000 |
|---|---|---|
| committer | Greg Wilkins | 2015-11-06 02:54:47 +0000 |
| commit | 4bb63b9e03047f3f1991152b814aadfbaeba0411 (patch) | |
| tree | c2afa2db5b611587ff79bf80a9cc68b05245ff41 | |
| parent | 56afc2b0e578844343d8860a525df0e2a15f7cbe (diff) | |
| download | org.eclipse.jetty.project-4bb63b9e03047f3f1991152b814aadfbaeba0411.tar.gz org.eclipse.jetty.project-4bb63b9e03047f3f1991152b814aadfbaeba0411.tar.xz org.eclipse.jetty.project-4bb63b9e03047f3f1991152b814aadfbaeba0411.zip | |
481355 Nested Symlinks
2 files changed, 62 insertions, 11 deletions
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java index f6dad19058..3f5b16b6a0 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java @@ -71,23 +71,39 @@ public class AllowSymLinkAliasChecker implements AliasCheck } // No, so let's check each element ourselves - Path d = path.getRoot(); - for (Path e:path) + boolean linked=true; + Path target=path; + int loops=0; + while (linked) { - d=d.resolve(e); - - while (Files.exists(d) && Files.isSymbolicLink(d)) + if (++loops>100) { - Path link=Files.readSymbolicLink(d); - if (!link.isAbsolute()) - link=d.resolve(link); - d=link; + if (LOG.isDebugEnabled()) + LOG.debug("Too many symlinks {} --> {}",resource,target); + return false; } + linked=false; + Path d = target.getRoot(); + for (Path e:target) + { + d=d.resolve(e); + + while (Files.exists(d) && Files.isSymbolicLink(d)) + { + Path link=Files.readSymbolicLink(d); + if (!link.isAbsolute()) + link=d.resolve(link); + d=link; + linked=true; + } + } + target=d; } - if (pathResource.getAliasPath().equals(d)) + + if (pathResource.getAliasPath().equals(target)) { if (LOG.isDebugEnabled()) - LOG.debug("Allow path symlink {} --> {}",resource,d); + LOG.debug("Allow path symlink {} --> {}",resource,target); return true; } } diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java index 27edbe74eb..156d0af5de 100644 --- a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java @@ -85,6 +85,18 @@ public class ContextHandlerGetResourceTest Files.createSymbolicLink(new File(docroot,"other").toPath(),new File("../transit").toPath()); Files.createSymbolicLink(transit.toPath(),otherroot.toPath()); + + // /web/logs -> /var/logs -> /media/internal/logs + // where /media/internal -> /media/internal-physical/ + new File(docroot,"media/internal-physical/logs").mkdirs(); + Files.createSymbolicLink(new File(docroot,"media/internal").toPath(),new File(docroot,"media/internal-physical").toPath()); + new File(docroot,"var").mkdir(); + Files.createSymbolicLink(new File(docroot,"var/logs").toPath(),new File(docroot,"media/internal/logs").toPath()); + new File(docroot,"web").mkdir(); + Files.createSymbolicLink(new File(docroot,"web/logs").toPath(),new File(docroot,"var/logs").toPath()); + new File(docroot,"media/internal-physical/logs/file.log").createNewFile(); + + System.err.println("docroot="+docroot); } OS_ALIAS_SUPPORTED = new File(sub, "TEXTFI~1.TXT").exists(); @@ -383,6 +395,29 @@ public class ContextHandlerGetResourceTest } } + + @Test + public void testSymlinkNested() throws Exception + { + Assume.assumeTrue(OS.IS_UNIX); + + try + { + allowSymlinks.set(true); + + final String path="/web/logs/file.log"; + + Resource resource=context.getResource(path); + assertNotNull(resource); + assertEquals("file.log",resource.getFile().getName()); + assertTrue(resource.exists()); + } + finally + { + allowSymlinks.set(false); + } + + } @Test public void testSymlinkUnknown() throws Exception |