From: Michael Jumper <zhangmaike@users.sourceforge.net>
Date: Mon, 26 Mar 2012 06:05:50 +0000 (-0700)
Subject: It is a security error to request a config that does not exist.
X-Git-Url: http://git.alex.org.uk

It is a security error to request a config that does not exist.
---

diff --git a/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java b/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
index a04f5e7..0748495 100644
--- a/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
+++ b/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import net.sourceforge.guacamole.GuacamoleException;
+import net.sourceforge.guacamole.GuacamoleSecurityException;
 import net.sourceforge.guacamole.net.InetGuacamoleSocket;
 import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
 import net.sourceforge.guacamole.properties.GuacamoleProperties;
@@ -177,7 +178,7 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
             GuacamoleConfiguration config = configs.get(id);
             if (config == null) {
                 logger.error("Configuration id={} not found.", id);
-                return null;
+                throw new GuacamoleSecurityException("Requested configuration is not authorized.");
             }
             
             logger.info("Successful connection from {} to \"{}\".", request.getRemoteAddr(), id);