cfinclude java.lang.StringIndexOutOfBoundsException

Description

cfinclude with template outside docBase throws below exception. After a reload the template is found but the next cfinclude outside docBase shows the error, and so on.

This behaviour started with Lucee 5.1.2.24. Tested with Lucee 5.2.5.16-SNAPSHOT. Works in Lucee 5.1.1.65.

Lucee 5.2.3.35 Error (java.lang.StringIndexOutOfBoundsException)
Message String index out of range: -1
Stacktrace The Error Occurred in
/var/www/domain/Application.cfm: line 2
1: <cfinclude template="config.cfm">
2: <cfinclude template="../Application.cfm">

Java Stacktrace lucee.runtime.exp.NativeException: String index out of range: -1
at java.lang.String.substring(String.java:1931)
at lucee.runtime.PageSourceImpl.getPhyscalFile(PageSourceImpl.java:444)
at lucee.runtime.PageSourceImpl.loadPhysical(PageSourceImpl.java:254)
at lucee.runtime.PageSourceImpl.loadPageThrowTemplateException(PageSourceImpl.java:183)
at lucee.runtime.PageSourceImpl.loadPage(PageSourceImpl.java:910)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:900)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:833)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:817)
at application_cfm$cf.call(/Application.cfm:2)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:908)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:833)
at lucee.runtime.listener.ClassicAppListener._onRequest(ClassicAppListener.java:54)
at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:44)
at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2405)
at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2395)
at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2363)
at lucee.runtime.engine.Request.exe(Request.java:46)
at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1048)
at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:996)
at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:102)
at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
... 41 more

Environment

OS Linux (4.9.43-17.38.amzn1.x86_64) 64bit
Servlet Container Apache Tomcat/8.5.6
Java 1.8.0_112 (Oracle Corporation) 64bit
Version Lucee 5.2.3.35

Attachments

1

Activity

Markus Sackmann 28 March 2018 at 10:48

Pothys - MitrahSoft 5 October 2017 at 11:02

I've tested with above test.tar.tz file & Confirmed the issue happened on above versions. I get following results,

Stacktrace :
The "String index out of range: -1" exception occurs while we include outside of the docBase file & run at first time of lucee restart. In second time, If we run that same file means it will throw another issue "page not found".

Markus Sackmann 4 October 2017 at 09:10

This could be a possible fix. Just another way to create relpath if isOutSide is true:

Markus Sackmann 4 October 2017 at 07:39

The docBase in the example above is wrong. Correct docBase: /var/www/domain/directory1/directory2/directory3

Error in lucee.runtime.PageSourceImpl.getPhyscalFile(PageSourceImpl.java:444) due to following code:

Some debug shows clearly that above code won't work with ../ in path:

tmp.getAbsolutePath():
/var/www/domain/directory1/directory2/directory3/../../directory1.cfm

physcalSource.getAbsolutePath():
/var/www/domain/directory1/directory1.cfm

mapping.getPhysical().getAbsolutePath()
/var/www/domain/directory1/directory2/directory3

Markus Sackmann 25 September 2017 at 08:32

Couldn't reproduce this issue on a fresh install until i've copied the original directory structure of our application. It has something to do with the length of the directory names. Uploaded test.tar.gz contains a non working szenario:
cd /var/www/
tar xvfz test.tar.gz

vim /opt/lucee/tomcat/conf/server.xml:
<Host name="lucee" appBase="webapps">
<Context path="" docBase="/var/www/domain/dir1/director2/directory3" />
</Host>

Whereas renaming the path to /var/www/domain/1/2/3 works.

Duplicate

Details

Assignee

Reporter

Priority

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Affects versions

Created 21 September 2017 at 14:21
Updated 19 October 2018 at 06:48
Resolved 19 October 2018 at 06:48