From 23bb0df05c437fe91acb980868870c50d17cb0ab Mon Sep 17 00:00:00 2001
From: Nasser Grainawi
Date: Thu, 14 Jun 2012 21:25:07 -0700
Subject: [PATCH] Fix attempts to access plugins/
The URI here was the same length as the context, thus incrementing the context by 1 and trying to use that as an index into the URI was resulting in an index error. Fixed this way we disallow a plugin from serving content on this page. If we want to allow it this fix needs to change.
Change-Id: I6c26584f46c8049fe3786018d9a09c1612e6a1c2
---
 .../com/google/gerrit/httpd/plugins/HttpPluginServlet.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
index 79f9011bf3..47eae99711 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
@@ -218,8 +218,12 @@ class HttpPluginServlet extends HttpServlet
 String uri = req.getRequestURI();
 String ctx = req.getContextPath();
- String file = uri.substring(ctx.length() + 1);
+ if (uri.length() <= ctx.length()) {
+ Resource.NOT_FOUND.send(req, res);
+ return;
+ }
+ String file = uri.substring(ctx.length() + 1);
 ResourceKey key = new ResourceKey(holder.plugin, file);
 Resource rsc = resourceCache.getIfPresent(key);
 if (rsc != null) {
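Review bot: The new guard compares only lengths, so nothing checks that `uri` actually begins with `ctx` followed by `/` before `uri.substring(ctx.length() + 1)` slices it. `getRequestURI()` returns the raw, undecoded request path, so `file` is client-controlled text that goes straight into `new ResourceKey(holder.plugin, file)`. A prefix test such as `if (!uri.startsWith(ctx + "/")) {` covers the equal-length case this commit fixes and also rejects any request whose path does not line up with the context path. A URI of exactly `ctx + "/"` still passes and yields an empty `file`; whether that should also return `Resource.NOT_FOUND`, and how encoded or `..` segments in `file` are treated, depends on lookup code after the hunk that is not visible here. The enclosing method starts and ends outside the hunk.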