Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java38
-rw-r--r--jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java35
2 files changed, 62 insertions, 11 deletions
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java
index f6dad19058..3f5b16b6a0 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AllowSymLinkAliasChecker.java
@@ -71,23 +71,39 @@ public class AllowSymLinkAliasChecker implements AliasCheck
}
// No, so let's check each element ourselves
- Path d = path.getRoot();
- for (Path e:path)
+ boolean linked=true;
+ Path target=path;
+ int loops=0;
+ while (linked)
{
- d=d.resolve(e);
-
- while (Files.exists(d) && Files.isSymbolicLink(d))
+ if (++loops>100)
{
- Path link=Files.readSymbolicLink(d);
- if (!link.isAbsolute())
- link=d.resolve(link);
- d=link;
+ if (LOG.isDebugEnabled())
+ LOG.debug("Too many symlinks {} --> {}",resource,target);
+ return false;
}
+ linked=false;
+ Path d = target.getRoot();
+ for (Path e:target)
+ {
+ d=d.resolve(e);
+
+ while (Files.exists(d) && Files.isSymbolicLink(d))
+ {
+ Path link=Files.readSymbolicLink(d);
+ if (!link.isAbsolute())
+ link=d.resolve(link);
+ d=link;
+ linked=true;
+ }
+ }
+ target=d;
}
- if (pathResource.getAliasPath().equals(d))
+
+ if (pathResource.getAliasPath().equals(target))
{
if (LOG.isDebugEnabled())
- LOG.debug("Allow path symlink {} --> {}",resource,d);
+ LOG.debug("Allow path symlink {} --> {}",resource,target);
return true;
}
}
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java
index 27edbe74eb..156d0af5de 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java
@@ -85,6 +85,18 @@ public class ContextHandlerGetResourceTest
Files.createSymbolicLink(new File(docroot,"other").toPath(),new File("../transit").toPath());
Files.createSymbolicLink(transit.toPath(),otherroot.toPath());
+
+ // /web/logs -> /var/logs -> /media/internal/logs
+ // where /media/internal -> /media/internal-physical/
+ new File(docroot,"media/internal-physical/logs").mkdirs();
+ Files.createSymbolicLink(new File(docroot,"media/internal").toPath(),new File(docroot,"media/internal-physical").toPath());
+ new File(docroot,"var").mkdir();
+ Files.createSymbolicLink(new File(docroot,"var/logs").toPath(),new File(docroot,"media/internal/logs").toPath());
+ new File(docroot,"web").mkdir();
+ Files.createSymbolicLink(new File(docroot,"web/logs").toPath(),new File(docroot,"var/logs").toPath());
+ new File(docroot,"media/internal-physical/logs/file.log").createNewFile();
+
+ System.err.println("docroot="+docroot);
}
OS_ALIAS_SUPPORTED = new File(sub, "TEXTFI~1.TXT").exists();
@@ -383,6 +395,29 @@ public class ContextHandlerGetResourceTest
}
}
+
+ @Test
+ public void testSymlinkNested() throws Exception
+ {
+ Assume.assumeTrue(OS.IS_UNIX);
+
+ try
+ {
+ allowSymlinks.set(true);
+
+ final String path="/web/logs/file.log";
+
+ Resource resource=context.getResource(path);
+ assertNotNull(resource);
+ assertEquals("file.log",resource.getFile().getName());
+ assertTrue(resource.exists());
+ }
+ finally
+ {
+ allowSymlinks.set(false);
+ }
+
+ }
@Test
public void testSymlinkUnknown() throws Exception

Back to the top