From 64f1801e2f4b62c5a3a6a3805550589714b76607 Mon Sep 17 00:00:00 2001
From: Michael Jumper <zhangmaike@users.sourceforge.net>
Date: Sun, 25 Mar 2012 23:05:50 -0700
Subject: [PATCH] It is a security error to request a config that does not
 exist.

---
 .../guacamole/net/basic/BasicGuacamoleTunnelServlet.java            |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java b/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
index a04f5e7..0748495 100644
--- a/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
+++ b/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import net.sourceforge.guacamole.GuacamoleException;
+import net.sourceforge.guacamole.GuacamoleSecurityException;
 import net.sourceforge.guacamole.net.InetGuacamoleSocket;
 import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
 import net.sourceforge.guacamole.properties.GuacamoleProperties;
@@ -177,7 +178,7 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
             GuacamoleConfiguration config = configs.get(id);
             if (config == null) {
                 logger.error("Configuration id={} not found.", id);
-                return null;
+                throw new GuacamoleSecurityException("Requested configuration is not authorized.");
             }
             
             logger.info("Successful connection from {} to \"{}\".", request.getRemoteAddr(), id);
-- 
1.7.10.4