Bug 39813 - JMX proxy servlet newline escaping is incorrect
Summary: JMX proxy servlet newline escaping is incorrect
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Webapps:Manager (show other bugs)
Version: 5.5.17
Hardware: All other
: P4 trivial (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-06-14 16:26 UTC by Robin Bramley
Modified: 2006-06-17 09:57 UTC (History)
0 users



Attachments
Patch for newline escaping (1.21 KB, patch)
2006-06-16 09:14 UTC, Robin Bramley
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Bramley 2006-06-14 16:26:33 UTC
JMXProxyServlet.java at revision 411724.

Using MBean qry operation, if an attribute returns a String containing a
newline, the character before the newline is removed by the escape method (uses
idx-1 instead of idx on line 204).
e.g. PermGenStatus: Perm Gen : 19.93% (26739168/134217728\n

Furthermore, the end int is not checked to be > 0 in the appendHead method - so
anything starting with a newline would end up being a substring(0,-1) call (line
223) - resulting in an StringIndexOutOfBoundsException("String index out of
range: -1") which would then drop into "} catch (Exception e) {} // Ignore" in
listBeans causing any further attributes to not be printed out. 

Finally, the get operation does not use the escape method in getAttribute (line
114) so will print newlines. Guess this contravenes the JMX spec 1.2 - whose
changes log says "...the newline character ('\n') is forbidden everywhere. This
rule is new with 1.2."
Comment 1 Yoav Shapira 2006-06-15 19:29:47 UTC
Patches would be great ;)
Comment 2 Robin Bramley 2006-06-16 09:14:28 UTC
Created attachment 18476 [details]
Patch for newline escaping

Here you go! 
Tested with a Spring MBean exported POJO returning strings containing newlines
and starting with a newline.
Comment 3 Mark Thomas 2006-06-17 16:57:01 UTC
Patch applied.

Many thanks.