[jboss-cvs] Repository SVN: r27651 - apache-tomcat/5.0.30.patch07-brew/src.
Tue Jul 7 20:21:56 EDT 2009
Author: dknox at redhat.com
Date: 2009-07-07 20:21:56 -0400 (Tue, 07 Jul 2009)
New Revision: 27651
Added:
apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2008-5515.patch
apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0033.patch
apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0783.patch
Log:
adding patch files for tag tomcat5-5_0_30-0jpp_15rh
Added: apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2008-5515.patch
===================================================================
--- apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2008-5515.patch (rev 0)
+++ apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2008-5515.patch 2009-07-08 00:21:56 UTC (rev 27651)
@@ -0,0 +1,281 @@
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java 2009-06-09 17:08:55.000000000 +0200
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java 2009-06-09 17:20:24.000000000 +0200
+@@ -43,6 +43,7 @@
+ import org.apache.catalina.Wrapper;
+ import org.apache.catalina.deploy.ApplicationParameter;
+ import org.apache.catalina.util.Enumerator;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.catalina.util.ResourceSet;
+ import org.apache.catalina.util.ServerInfo;
+ import org.apache.catalina.util.StringManager;
+@@ -387,7 +388,7 @@
+ path = path.substring(0, pos);
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -471,7 +472,7 @@
+ throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path));
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -520,10 +521,13 @@
+ */
+ public InputStream getResourceAsStream(String path) {
+
+- path = normalize(path);
+ if (path == null)
+ return (null);
+
++ path = RequestUtil.normalize(path);
++ if (path == null)
++ return null;
++
+ DirContext resources = context.getResources();
+ if (resources != null) {
+ try {
+@@ -547,7 +551,14 @@
+ */
+ public Set getResourcePaths(String path) {
+
+- path = normalize(path);
++ if (path == null)
++ return (null);
++
++ if (!path.startsWith("/")) {
++ throw new IllegalArgumentException
++ (sm.getString("applicationContext.requestDispatcher.iae", path));
++ }
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -863,41 +874,6 @@
+
+
+ /**
+- * Return a context-relative path, beginning with a "/", that represents
+- * the canonical version of the specified path after ".." and "." elements
+- * are resolved out. If the specified path attempts to go outside the
+- * boundaries of the current context (i.e. too many ".." path elements
+- * are present), return <code>null</code> instead.
+- *
+- * @param path Path to be normalized
+- */
+- private String normalize(String path) {
+-
+- String normalized = path;
+-
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+-
+- // Resolve occurrences of "/../" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/../");
+- if (index < 0)
+- break;
+- if (index == 0)
+- return (null); // Trying to go outside our context
+- int index2 = normalized.lastIndexOf('/', index - 1);
+- normalized = normalized.substring(0, index2) +
+- normalized.substring(index + 3);
+- }
+-
+- // Return the normalized path that we have completed
+- return (normalized);
+-
+- }
+-
+-
+- /**
+ * Merge the context initialization parameters specified in the application
+ * deployment descriptor with the application parameters described in the
+ * server configuration, respecting the <code>override</code> property of
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java 2004-11-24 17:55:08.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java.orig 2009-06-09 17:15:44.000000000 +0200
+@@ -378,10 +378,21 @@
+ throw new IllegalArgumentException
+ (sm.getString
+ ("applicationContext.requestDispatcher.iae", path));
++
++ // Get query string
++ String queryString = null;
++ int pos = path.indexOf('?');
++ if (pos >= 0) {
++ queryString = path.substring(pos + 1);
++ path = path.substring(0, pos);
++ }
++
+ path = normalize(path);
+ if (path == null)
+ return (null);
+
++ pos = path.length();
++
+ // Retrieve the thread local URI
+ MessageBytes uriMB = (MessageBytes) localUriMB.get();
+ if (uriMB == null) {
+@@ -393,15 +404,6 @@
+ uriMB.recycle();
+ }
+
+- // Get query string
+- String queryString = null;
+- int pos = path.indexOf('?');
+- if (pos >= 0) {
+- queryString = path.substring(pos + 1);
+- } else {
+- pos = path.length();
+- }
+-
+ // Retrieve the thread local mapping data
+ MappingData mappingData = (MappingData) localMappingData.get();
+ if (mappingData == null) {
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java 2004-11-24 17:55:08.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java 2009-06-09 17:20:24.000000000 +0200
+@@ -316,10 +316,9 @@
+ int pos = requestPath.lastIndexOf('/');
+ String relative = null;
+ if (pos >= 0) {
+- relative = RequestUtil.normalize
+- (requestPath.substring(0, pos + 1) + path);
++ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+- relative = RequestUtil.normalize(requestPath + path);
++ relative = requestPath + path;
+ }
+
+ return (context.getServletContext().getRequestDispatcher(relative));
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2009-06-09 17:08:55.000000000 +0200
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2009-06-09 17:53:38.000000000 +0200
+@@ -1502,7 +1502,7 @@
+ }
+
+ // Normalise destination path (remove '.' and '..')
+- destinationPath = normalize(destinationPath);
++ destinationPath = RequestUtil.normalize(destinationPath);
+
+ String contextPath = req.getContextPath();
+ if ((contextPath != null) &&
+@@ -2263,7 +2263,7 @@
+ if (!toAppend.startsWith("/"))
+ toAppend = "/" + toAppend;
+
+- generatedXML.writeText(rewriteUrl(normalize(absoluteUri + toAppend)));
++ generatedXML.writeText(rewriteUrl(RequestUtil.normalize(absoluteUri + toAppend)));
+
+ generatedXML.writeElement(null, "href", XMLWriter.CLOSING);
+
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java 2004-11-24 17:55:14.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java 2009-06-09 17:20:48.000000000 +0200
+@@ -24,6 +24,8 @@
+ import javax.servlet.http.HttpServlet;
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpServletResponse;
++import org.apache.catalina.util.RequestUtil;
++
+ /**
+ * An implementation of SSIExternalResolver that is used with servlets.
+ *
+@@ -230,7 +232,7 @@
+ + pathWithoutContext);
+ }
+ String fullPath = prefix + path;
+- String retVal = SSIServletRequestUtil.normalize(fullPath);
++ String retVal = RequestUtil.normalize(fullPath);
+ if (retVal == null) {
+ throw new IOException("Normalization yielded null on path: "
+ + fullPath);
+@@ -264,7 +266,7 @@
+ if (!virtualPath.startsWith("/") && !virtualPath.startsWith("\\")) {
+ path = getAbsolutePath(virtualPath);
+ } else {
+- String normalized = SSIServletRequestUtil.normalize(virtualPath);
++ String normalized = RequestUtil.normalize(virtualPath);
+ if (isVirtualWebappRelative) {
+ path = normalized;
+ } else {
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java 2004-11-24 17:55:14.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java 2009-06-09 17:20:48.000000000 +0200
+@@ -41,7 +41,7 @@
+ if ((result == null) || (result.equals(""))) {
+ result = "/";
+ }
+- return normalize(result);
++ return RequestUtil.normalize(result);
+ }
+
+
+@@ -57,15 +57,9 @@
+ *
+ * @param path
+ * Path to be normalized
++ * @deprecated
+ */
+ public static String normalize(String path) {
+- if (path == null) return null;
+- String normalized = path;
+- //Why doesn't RequestUtil do this??
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+- normalized = RequestUtil.normalize(path);
+- return normalized;
++ return RequestUtil.normalize(path);
+ }
+ }
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/RequestUtil.java 2004-11-24 17:55:17.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/RequestUtil.java 2009-06-09 17:20:48.000000000 +0200
+@@ -147,6 +147,19 @@
+ * @param path Relative path to be normalized
+ */
+ public static String normalize(String path) {
++ return normalize(path, true);
++ }
++
++ /**
++ * Normalize a relative URI path that may have relative values ("/./",
++ * "/../", and so on ) it it. <strong>WARNING</strong> - This method is
++ * useful only for normalizing application-generated paths. It does not
++ * try to perform security checks for malicious input.
++ *
++ * @param path Relative path to be normalized
++ * @param replaceBackSlash Should '\\' be replaced with '/'
++ */
++ public static String normalize(String path, boolean replaceBackSlash) {
+
+ if (path == null)
+ return null;
+@@ -154,6 +167,9 @@
+ // Create a place for the normalized path
+ String normalized = path;
+
++ if (replaceBackSlash && normalized.indexOf('\\') >= 0)
++ normalized = normalized.replace('\\', '/');
++
+ if (normalized.equals("/."))
+ return "/";
+
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java 2009-06-09 17:08:55.000000000 +0200
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java 2009-06-09 17:54:07.000000000 +0200
+@@ -1337,10 +1337,9 @@
+ int pos = requestPath.lastIndexOf('/');
+ String relative = null;
+ if (pos >= 0) {
+- relative = RequestUtil.normalize
+- (requestPath.substring(0, pos + 1) + path);
++ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+- relative = RequestUtil.normalize(requestPath + path);
++ relative = requestPath + path;
+ }
+
+ return (context.getServletContext().getRequestDispatcher(relative));
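Review bot: The second ApplicationContext.java diff inside this patch (the `---`/`+++` pair ahead of `@@ -378,10 +378,21 @@`) names `ApplicationContext.java.orig` as its target, so depending on how `patch` resolves the file name the query-string-before-normalize change may land in a stray `.orig` file or trigger a reversed-patch prompt instead of reaching the source that the first ApplicationContext hunk already assumes (its context line `path = path.substring(0, pos);` only exists once that change is in). The `+++` header should name `ApplicationContext.java`, and the diff presumably belongs ahead of the first one, or should be dropped if the 2009-06-09 base already carries it; as written, a failed apply would leave the traversal fix partly unapplied. Separately, the `@deprecated` tag added to `SSIServletRequestUtil.normalize` names no replacement; `* @deprecated Use {@link RequestUtil#normalize(String)} instead.` tells callers where to go. Every method touched by the inner hunks starts or ends outside its hunk.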
Added: apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0033.patch
===================================================================
--- apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0033.patch (rev 0)
+++ apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0033.patch 2009-07-08 00:21:56 UTC (rev 27651)
@@ -0,0 +1,29 @@
+--- jakarta-tomcat-connectors/jk/java/org/apache/jk/common/ChannelSocket.java 2005-03-26 20:24:11.000000000 +0100
++++ jakarta-tomcat-connectors/jk/java/org/apache/jk/common/ChannelSocket.java 2009-06-09 15:08:33.000000000 +0200
+@@ -678,6 +678,7 @@
+ status= this.invoke( recv, ep );
+ if( status!= JkHandler.OK ) {
+ log.warn("processCallbacks status " + status );
++ ((Request)ep.getRequest()).getResponse().finish();
+ break;
+ }
+ }
+--- jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java 2005-03-26 20:24:11.000000000 +0100
++++ jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java 2009-06-09 14:41:00.000000000 +0200
+@@ -367,8 +367,16 @@
+ ((Request)ep.getRequest()).unparsedURI());
+ }
+ } catch( Exception ex ) {
++ /* If we are here it is because we have a bad header or something like that */
+ log.error( "Error decoding request ", ex );
+ msg.dump( "Incomming message");
++ Response res= ((Request)ep.getRequest()).getResponse();
++ if ( res==null ) {
++ res=new Response();
++ ((Request)ep.getRequest()).setResponse(res);
++ }
++ res.setMessage("Bad Request");
++ res.setStatus(400);
+ return ERROR;
+ }
+
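Review bot: The new `((Request)ep.getRequest()).getResponse().finish();` in ChannelSocket dereferences `getResponse()` unguarded, while the HandlerRequest hunk in the same patch shows a Request can reach the error path with no Response attached (it creates one when `res==null`). Any other handler that makes `invoke()` return a non-OK status without having set a Response would therefore turn a rejected request into a NullPointerException in the connector loop instead of a clean close; guarding it, `Response res = ((Request)ep.getRequest()).getResponse(); if (res != null) res.finish();`, keeps the intended 400-and-finish behaviour without that risk. If `finish()` declares IOException the surrounding method must already handle it, which cannot be seen from the hunk. Both the processCallbacks loop and HandlerRequest's decode method start and end outside their inner hunks.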
Added: apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0783.patch
===================================================================
--- apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0783.patch (rev 0)
+++ apache-tomcat/5.0.30.patch07-brew/src/tomcat5-5.0.30-CVE-2009-0783.patch 2009-07-08 00:21:56 UTC (rev 27651)
@@ -0,0 +1,229 @@
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContext.java 2004-11-24 17:55:09.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContext.java 2009-06-10 11:58:15.000000000 +0200
+@@ -4262,10 +4262,6 @@
+ ((Lifecycle) pipeline).start();
+ }
+
+- if(getProcessTlds()) {
+- processTlds();
+- }
+-
+ // Notify our interested LifecycleListeners
+ lifecycle.fireLifecycleEvent(START_EVENT, null);
+
+@@ -4382,41 +4378,6 @@
+ //cacheContext();
+ }
+
+- /**
+- * Processes the TLDs.
+- *
+- * @throws LifecycleException If an error occurs
+- */
+- protected void processTlds() throws LifecycleException {
+- TldConfig tldConfig = new TldConfig();
+- tldConfig.setContext(this);
+-
+- // (1) check if the attribute has been defined
+- // on the context element.
+- tldConfig.setTldValidation(tldValidation);
+- tldConfig.setTldNamespaceAware(tldNamespaceAware);
+-
+- // (2) if the attribute wasn't defined on the context
+- // try the host.
+- if (!tldValidation){
+- tldConfig.setTldValidation
+- (((StandardHost) getParent()).getXmlValidation());
+- }
+-
+- if (!tldNamespaceAware){
+- tldConfig.setTldNamespaceAware
+- (((StandardHost) getParent()).getXmlNamespaceAware());
+- }
+-
+- try {
+- tldConfig.execute();
+- } catch (Exception ex) {
+- log.error("Error reading tld listeners "
+- + ex.toString(), ex);
+- }
+- }
+-
+-
+ private void cacheContext() {
+ try {
+ File workDir=new File( getWorkPath() );
+@@ -5460,6 +5421,10 @@
+ throw e;
+ }
+ }
++ if (processTlds)
++ {
++ this.addLifecycleListener(new TldConfig());
++ }
+ super.init();
+
+ // Send j2ee.state.starting notification
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/ContextConfig.java 2004-11-24 17:55:14.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/ContextConfig.java 2009-06-10 11:40:43.000000000 +0200
+@@ -241,10 +241,6 @@
+
+ long t1=System.currentTimeMillis();
+
+- if (webDigester == null){
+- webDigester = createWebDigester();
+- }
+-
+ URL url=null;
+ // Process the application web.xml file
+ synchronized (webDigester) {
+@@ -497,10 +493,6 @@
+ return;
+ }
+
+- if (webDigester == null){
+- webDigester = createWebDigester();
+- }
+-
+ // Process the default web.xml file
+ synchronized (webDigester) {
+ try {
+@@ -591,6 +583,11 @@
+ private synchronized void start() {
+ // Called from StandardContext.start()
+
++ if (webDigester == null){
++ webDigester = createWebDigester();
++ webDigester.getParser();
++ }
++
+ if (log.isDebugEnabled())
+ log.debug(sm.getString("contextConfig.start"));
+ context.setConfigured(false);
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties 2004-11-24 17:55:15.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties 2009-06-10 11:21:11.000000000 +0200
+@@ -55,6 +55,8 @@
+ hostConfig.undeploy=Undeploying web application at context path {0}
+ hostConfig.undeploy.error=Error undeploying web application at context path {0}
+ hostConfig.undeploying=Undeploying deployed web applications
++tldConfig.cce=Lifecycle event data object {0} is not a Context
++tldConfig.execute=Error processing TDL files for context path {0}
+ userConfig.database=Exception loading user database
+ userConfig.deploy=Deploying web application for user {0}
+ userConfig.deploying=Deploying user web applications
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/TldConfig.java 2004-11-24 17:55:15.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/TldConfig.java 2009-06-10 11:20:31.000000000 +0200
+@@ -45,20 +45,25 @@
+
+ import org.apache.catalina.Context;
+ import org.apache.catalina.Globals;
++import org.apache.catalina.Lifecycle;
++import org.apache.catalina.LifecycleEvent;
++import org.apache.catalina.LifecycleListener;
+ import org.apache.catalina.core.StandardContext;
++import org.apache.catalina.core.StandardHost;
+ import org.apache.catalina.util.StringManager;
+ import org.apache.commons.digester.Digester;
+ import org.xml.sax.InputSource;
+
+ /**
+- * Startup event listener for a <b>Context</b> that configures the properties
+- * of that Context, and the associated defined servlets.
++ * Startup event listener for a <b>Context</b> that configures application
++ * listeners configured in any TLD files.
+ *
+ * @author Craig R. McClanahan
+ * @author Jean-Francois Arcand
+ * @author Costin Manolache
+ */
+-public final class TldConfig {
++public final class TldConfig implements LifecycleListener
++{
+
+ // Names of JARs that are known not to contain any TLDs
+ private static HashSet noTldJars;
+@@ -399,20 +404,6 @@
+ }
+
+ /**
+- * Create (if necessary) and return a Digester configured to process a tag
+- * library descriptor, looking for additional listener classes to be
+- * registered.
+- */
+- private static Digester createTldDigester() {
+-
+- return DigesterFactory.newDigester(tldValidation,
+- tldNamespaceAware,
+- new TldRuleSet());
+-
+- }
+-
+-
+- /**
+ * Scan the JAR file at the specified resource path for TLDs in the
+ * <code>META-INF</code> subdirectory, and scan each TLD for application
+ * event listeners that need to be registered.
+@@ -504,10 +495,6 @@
+ private void tldScanStream(InputSource resourceStream)
+ throws Exception {
+
+- if (tldDigester == null){
+- tldDigester = createTldDigester();
+- }
+-
+ synchronized (tldDigester) {
+ try {
+ tldDigester.push(this);
+@@ -715,4 +702,52 @@
+
+ return jarPathMap;
+ }
++
++
++ public void lifecycleEvent(LifecycleEvent event) {
++ // Identify the context we are associated with
++ try {
++ context = (Context) event.getLifecycle();
++ } catch (ClassCastException e) {
++ log.error(sm.getString("tldConfig.cce", event.getLifecycle()), e);
++ return;
++ }
++
++ if (event.getType().equals(Lifecycle.BEFORE_START_EVENT)) {
++ init();
++ } else if (event.getType().equals(Lifecycle.START_EVENT)) {
++ try {
++ execute();
++ } catch (Exception e) {
++ log.error(sm.getString(
++ "tldConfig.execute", context.getPath()), e);
++ }
++ } // Ignore the other event types - nothing to do
++ }
++
++ private void init() {
++ if (tldDigester == null){
++ // (1) check if the attribute has been defined
++ // on the context element.
++ setTldValidation(context.getTldValidation());
++ setTldNamespaceAware(context.getTldNamespaceAware());
++
++ // (2) if the attribute wasn't defined on the context
++ // try the host.
++ if (!tldValidation) {
++ setTldValidation(
++ ((StandardHost) context.getParent()).getXmlValidation());
++ }
++
++ if (!tldNamespaceAware) {
++ setTldNamespaceAware(
++ ((StandardHost) context.getParent()).getXmlNamespaceAware());
++ }
++
++ tldDigester = DigesterFactory.newDigester(tldValidation,
++ tldNamespaceAware,
++ new TldRuleSet());
++ tldDigester.getParser();
++ }
++ }
+ }
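Review bot: The bare `webDigester.getParser();` added to ContextConfig.start() and `tldDigester.getParser();` in the new TldConfig.init() discard their result with no comment, so the next maintainer is likely to remove them as dead code; since the point of the patch appears to be building the parser before the web application's class loader is in effect, both need a why-comment such as `// Force the SAX parser to be instantiated now, before the web application class loader is active, so a parser bundled by one application cannot be picked up and shared with others (see CVE-2009-0783)`. Two further things the hunk leaves open: tldScanStream lost its lazy `tldDigester` creation but still does `synchronized (tldDigester)`, so an `execute()` that runs without a prior BEFORE_START_EVENT now fails with a NullPointerException rather than a clear IllegalStateException, and StandardContext.init() reads the `processTlds` field directly where the removed code went through `getProcessTlds()`. `init()`, `tldScanStream`, `ContextConfig.start()` and `StandardContext.init()` all start or end outside their inner hunks.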