Bug 48318 - WebDAV servlet returns 500 if files not readable
Summary: WebDAV servlet returns 500 if files not readable
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Servlet & JSP API (show other bugs)
Version: 6.0.20
Hardware: All All
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-01 07:07 UTC by Martin Carpenter
Modified: 2011-03-15 09:23 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Carpenter 2009-12-01 07:07:07 UTC
If a directory contains a file that is not readable by the Tomcat
process (eg file permissions, dangling symlink) then Tomcat throws a
NullPointerException and returns a 500 Internal Server Error to the
client.

Throwing NPE in these circumstances is certainly wrong.  Returning 500
with no further information is unhelpful behavior and should be fixed.
Generally, interfaces of this type at least list inaccessible files
(Windows Explorer, UNIX ls(1), BSD FTP client, ...) and only return an
error when one attempts to access such a file.

markt suggests an alternative of simply ignoring inaccessible files but notes
that "could cause issues if a user tries to upload a file of that name" and
suggests better error reporting.


Stack:

    SEVERE: Servlet.service() for servlet webdav threw exception
    java.lang.NullPointerException
            at org.apache.catalina.servlets.WebdavServlet.parseProperties(Unknown Source)
            at org.apache.catalina.servlets.WebdavServlet.doPropfind(Unknown Source)
            at org.apache.catalina.servlets.WebdavServlet.service(Unknown Source)
            at javax.servlet.http.HttpServlet.service(Unknown Source)
            ...


Method parseProperties() is in
java/org/apache/catalina/servlets/WebdavServlet.java.org and the NPE
happens when cacheEntry.attributes is null (case FIND_BY_PROPERTY in my
testing and possibly in other cases too).

Following the breadcrumbs via:

    cacheEntry = resources.lookupCache(path);

leads eventually to java/org/apache/naming/resources/FileDirContext.java:

    public Attributes getAttributes(String name, String[] attrIds)
        throws NamingException {
        // Building attribute list
        File file = file(name);
        if (file == null)
            throw new NamingException
                (sm.getString("resources.notFound", name));
    ...
    protected File file(String name) {
        File file = new File(base, name);
        if (file.exists() && file.canRead()) {
            ... // do useful stuff
        } else {
            return null; // ouch
        }
Comment 1 Mark Thomas 2010-02-12 22:16:32 UTC
This has been fixed in trunk and proposed for 6.0.x
Comment 2 Mark Thomas 2010-02-22 21:15:22 UTC
This has been fixed in 6.0.x and will be included in 6.0.25 onwards.
Comment 3 Rico Neubauer 2011-03-15 09:23:23 UTC
Besides dead links or missing permissions, also a folder with a trailing dot in its name leads to this error. e.g. "00."