
ResourceUrlEncodingFilter throws StringIndexOutOfBoundsException when %ED%B6 is in the URL path #22851

Closed
mixcloud-downloader opened this issue Apr 28, 2019 · 2 comments
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug


@mixcloud-downloader

mixcloud-downloader commented Apr 28, 2019

Affects: 5.1.6

A request with %ED%B6 in the path (e.g. http://example.org/%ED%B6) will fail with a 500 HTTP response code and this exception:

java.lang.StringIndexOutOfBoundsException: begin 0, end -1, length 2
at java.base/java.lang.String.checkBoundsBeginEnd(String.java:3319) ~[na:na]
at java.base/java.lang.String.substring(String.java:1874) ~[na:na]
at org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper.initLookupPath(ResourceUrlEncodingFilter.java:99) ~[spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
at org.springframework.web.servlet.resource.ResourceUrlEncodingFilter$ResourceUrlEncodingRequestWrapper.setAttribute(ResourceUrlEncodingFilter.java:86) ~[spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
at org.springframework.web.servlet.resource.ResourceUrlProviderExposingInterceptor.preHandle(ResourceUrlProviderExposingInterceptor.java:51) ~[spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:136) ~[spring-webmvc-5.1.6.RELEASE.jar:5.1.6.RELEASE]
…

This only happens when having these two dependencies (versions managed by spring-boot-2.1.4.RELEASE) in the pom:

  • spring-boot-starter-thymeleaf
  • webjars-locator-core

See spring-attic/spring-framework-issues#190 for an example.

Also for context, the complete path was %CE%D2%BA%C3%CF%EB%C4%E3%C8%C3%C8%AB%CA%C0%BD%E7%D6%AA%B5%C0%CE%D2%B0%AE%C4%E3%D0%ED%B6%E0%C4%EA%D2%D4%BA%F3%C0%CB%D7%D3%BB%D8%CD%B7%C5%AE%C8%CB%B5%C4%D1%A1%D4%F1, but it appears that only having %ED%B6 is enough for that bug.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Apr 28, 2019
mixcloud-downloader added a commit to mixcloud-downloader/spring-framework-issues that referenced this issue Apr 28, 2019
rstoyanchev pushed a commit to spring-attic/spring-framework-issues that referenced this issue Apr 29, 2019
@rstoyanchev rstoyanchev added this to the 5.1.7 milestone Apr 29, 2019
@rstoyanchev rstoyanchev added in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Apr 29, 2019
@rstoyanchev
Contributor

There is some kind of mismatch between the way UrlPathHelper and the Servlet container decode the given request path. The requestUri decoded by UrlPathHelper is shorter than the Servlet path returned by the container, resulting in the index exception. We need to prevent the exception but also understand the reason for the mismatch.

@rstoyanchev
Contributor

There appears to be an invalid encoded char sequence in the given URL:

2019-05-01 03:36:22.471  WARN 3171 --- [tp1338065644-20] org.eclipse.jetty.util.URIUtil           : /%ED%B6 org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte B6 in state 0

Servlet containers fall back on different encodings (Jetty falls back on ISO-8859-1 but Tomcat appears to fall back on US ASCII) and so the Servlet path can't be compared to the decoded request URI. I've added an assertion to fail proactively with a more helpful message.
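
The decoding mismatch discussed in this thread can be reproduced with the JDK alone. The following is an added example, not code from the issue or from Spring: the class and method names are hypothetical, and the strict UTF-8 check is one possible way to reject such a path before any index arithmetic, not the assertion the maintainer added.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.StandardCharsets;

public class PathDecodeMismatch {

    // Percent-decode an ASCII request path to raw bytes, applying no charset yet.
    static byte[] percentDecode(String path) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c > 0x7F) throw new IllegalArgumentException("non-ASCII char at index " + i);
            if (c != '%') { out.write(c); continue; }
            if (i + 2 >= path.length()) throw new IllegalArgumentException("truncated escape at index " + i);
            int hi = Character.digit(path.charAt(i + 1), 16);
            int lo = Character.digit(path.charAt(i + 2), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("bad escape at index " + i);
            out.write((hi << 4) | lo);
            i += 2;
        }
        return out.toByteArray();
    }

    // Strict validation: newDecoder() reports malformed input instead of substituting U+FFFD.
    static boolean isValidUtf8(byte[] raw) {
        try {
            StandardCharsets.UTF_8.newDecoder().decode(ByteBuffer.wrap(raw));
            return true;
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        byte[] raw = percentDecode("/%ED%B6");                         // path from the issue
        String lenient = new String(raw, StandardCharsets.UTF_8);      // malformed bytes become U+FFFD
        String latin1 = new String(raw, StandardCharsets.ISO_8859_1);  // fallback decoding: one char per byte
        System.out.println("lenient UTF-8 length: " + lenient.length());
        System.out.println("ISO-8859-1 length:    " + latin1.length());
        // An index found by searching one decoding inside the other is not safe to pass to substring().
        System.out.println("lastIndexOf:          " + lenient.lastIndexOf(latin1));
        // Defensive check: decide on the raw bytes before comparing decoded strings.
        System.out.println(isValidUtf8(raw) ? "accept" : "reject with 400 Bad Request");
    }
}
```

Validating the raw bytes once, before two components each apply their own fallback decoding, turns the 500 into a client error and keeps the two views of the path from diverging.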
