JBossWeb SVN: r2362 - in branches/2.1.x/java/org/apache: coyote/http11 and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: jfrederic.clere(a)jboss.com
Date: 2014-02-11 09:13:10 -0500 (Tue, 11 Feb 2014)
New Revision: 2362
Modified:
branches/2.1.x/java/org/apache/catalina/connector/LocalStrings.properties
branches/2.1.x/java/org/apache/catalina/connector/Request.java
branches/2.1.x/java/org/apache/coyote/http11/Http11AprProtocol.java
branches/2.1.x/java/org/apache/coyote/http11/LocalStrings.properties
Log:
Fix for JBPAPP-10023.
Modified: branches/2.1.x/java/org/apache/catalina/connector/LocalStrings.properties
===================================================================
--- branches/2.1.x/java/org/apache/catalina/connector/LocalStrings.properties 2014-02-06 13:37:00 UTC (rev 2361)
+++ branches/2.1.x/java/org/apache/catalina/connector/LocalStrings.properties 2014-02-11 14:13:10 UTC (rev 2362)
@@ -49,6 +49,7 @@
coyoteRequest.attributeEvent=Exception thrown by attributes event listener
coyoteRequest.parseParameters=Exception thrown whilst processing POSTed parameters
coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
+coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified for use with sendfile
#
# MapperListener
Modified: branches/2.1.x/java/org/apache/catalina/connector/Request.java
===================================================================
--- branches/2.1.x/java/org/apache/catalina/connector/Request.java 2014-02-06 13:37:00 UTC (rev 2361)
+++ branches/2.1.x/java/org/apache/catalina/connector/Request.java 2014-02-11 14:13:10 UTC (rev 2362)
@@ -20,6 +20,8 @@
import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
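Review bot: `java.io.FileReader` is imported at the top of this hunk but nothing in the visible changes to Request.java references it; the sendfile check added below uses only `File` and `IOException`. Unless another part of the file (not visible here) already relies on it, drop that line, and keep `import java.io.File;` in alphabetical position before `java.io.IOException` as the surrounding imports are ordered, so the unused-import warning does not mask a real one later.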
@@ -1434,6 +1436,26 @@
return;
}
+ // Do the security check before any updates are made
+ if (Globals.IS_SECURITY_ENABLED &&
+ name.equals("org.apache.tomcat.sendfile.filename")) {
+ // Use the canonical file name to avoid any possible symlink and
+ // relative path issues
+ String canonicalPath;
+ try {
+ canonicalPath = new File(value.toString()).getCanonicalPath();
+ } catch (IOException e) {
+ throw new SecurityException(sm.getString(
+ "coyoteRequest.sendfileNotCanonical", value), e);
+ }
+ // Sendfile is performed in Tomcat's security context so need to
+ // check if the web app is permitted to access the file while still
+ // in the web app's security context
+ System.getSecurityManager().checkRead(canonicalPath);
+ // Update the value so the canonical path is used
+ value = canonicalPath;
+ }
+
oldValue = attributes.put(name, value);
if (oldValue != null) {
replaced = true;
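Review bot: The guard on `Globals.IS_SECURITY_ENABLED` and the later `System.getSecurityManager().checkRead(canonicalPath)` can disagree: if the flag is a value captured once at class initialisation (its definition is outside this diff), a security manager installed afterwards is never consulted for this attribute, and one removed afterwards turns the call into a NullPointerException instead of a SecurityException. Reading the manager once into a local, `SecurityManager securityManager = System.getSecurityManager();`, and gating on `securityManager != null && name.equals("org.apache.tomcat.sendfile.filename")` makes the check follow the live state and gives `checkRead` a non-null receiver by construction. The enclosing `setAttribute` starts and ends outside the hunk, so whether `value` has already been null-checked before `value.toString()` is not visible; the `return` just above this hunk is presumably that check and should be confirmed to cover it.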
Modified: branches/2.1.x/java/org/apache/coyote/http11/Http11AprProtocol.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/http11/Http11AprProtocol.java 2014-02-06 13:37:00 UTC (rev 2361)
+++ branches/2.1.x/java/org/apache/coyote/http11/Http11AprProtocol.java 2014-02-11 14:13:10 UTC (rev 2362)
@@ -31,6 +31,7 @@
import javax.management.MBeanServer;
import javax.management.ObjectName;
+import org.apache.catalina.Globals;
import org.apache.coyote.ActionCode;
import org.apache.coyote.Adapter;
import org.apache.coyote.ProtocolHandler;
@@ -278,7 +279,12 @@
public void setKeepAliveTimeout(int timeout) { endpoint.setKeepAliveTimeout(timeout); }
public boolean getUseSendfile() { return endpoint.getUseSendfile(); }
- public void setUseSendfile(boolean useSendfile) { endpoint.setUseSendfile(useSendfile); }
+ public void setUseSendfile(boolean useSendfile) {
+ if (Globals.IS_SECURITY_ENABLED)
+ endpoint.setUseSendfile(useSendfile);
+ else
+ log.warn(sm.getString("http11protocol.sendfiledisabled"));
+ }
public int getPollTime() { return endpoint.getPollTime(); }
public void setPollTime(int pollTime) { endpoint.setPollTime(pollTime); }
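Review bot: When no security manager is installed the else branch only logs `http11protocol.sendfiledisabled`; it never calls `endpoint.setUseSendfile(false)`, so the endpoint keeps whatever its default is (not visible in this diff) and an explicit `setUseSendfile(false)` from the connector configuration is dropped as well. If the intent is that sendfile is off without a security manager, the branch has to force it: `else { log.warn(sm.getString("http11protocol.sendfiledisabled")); endpoint.setUseSendfile(false); }`, with the warning ideally gated on `useSendfile` being true so a configured `false` does not produce a misleading message. Bracing both branches would also match the project's brace-everything style rather than the unbraced `if`/`else` used here.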
Modified: branches/2.1.x/java/org/apache/coyote/http11/LocalStrings.properties
===================================================================
--- branches/2.1.x/java/org/apache/coyote/http11/LocalStrings.properties 2014-02-06 13:37:00 UTC (rev 2361)
+++ branches/2.1.x/java/org/apache/coyote/http11/LocalStrings.properties 2014-02-11 14:13:10 UTC (rev 2362)
@@ -26,6 +26,7 @@
http11protocol.endpoint.pauseerror=Error pausing endpoint
http11protocol.resume=Resuming Coyote HTTP/1.1 on {0}
http11protocol.endpoint.resumeerror=Error resuming endpoint
+http11protocol.sendfiledisabled=Sendfile disabled when no security manager
#
# Http11Processor
JBossWeb SVN: r2361 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-02-06 08:37:00 -0500 (Thu, 06 Feb 2014)
New Revision: 2361
Added:
tags/JBOSSWEB_7_4_0_BETA2/
Log:
Web 7.4 Beta 2
JBossWeb SVN: r2360 - branches/7.4.x.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-02-06 08:31:57 -0500 (Thu, 06 Feb 2014)
New Revision: 2360
Modified:
branches/7.4.x/pom.xml
Log:
New beta
Modified: branches/7.4.x/pom.xml
===================================================================
--- branches/7.4.x/pom.xml 2014-02-06 13:31:30 UTC (rev 2359)
+++ branches/7.4.x/pom.xml 2014-02-06 13:31:57 UTC (rev 2360)
@@ -33,7 +33,7 @@
<groupId>org.jboss.web</groupId>
<artifactId>jbossweb</artifactId>
- <version>7.4.0.Beta1</version>
+ <version>7.4.0.Beta2</version>
<name>JBoss Web</name>
<description>Servlet 3.0 container</description>
JBossWeb SVN: r2359 - in branches/7.4.x/src/main/java/org: jboss/web and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-02-06 08:31:30 -0500 (Thu, 06 Feb 2014)
New Revision: 2359
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java
branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
branches/7.4.x/src/main/java/org/jboss/web/FileUploadMessages.java
Log:
Port fix for minor security issue CVE-2014-0050 multipart DoS.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java 2014-01-29 11:44:13 UTC (rev 2358)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java 2014-02-06 13:31:30 UTC (rev 2359)
@@ -795,7 +795,11 @@
notifier = new MultipartStream.ProgressNotifier(listener,
ctx.getContentLength());
- multi = new MultipartStream(input, boundary, notifier);
+ try {
+ multi = new MultipartStream(input, boundary, notifier);
+ } catch (IllegalArgumentException iae) {
+ throw new InvalidContentTypeException(MESSAGES.invalidBoundary(CONTENT_TYPE), iae);
+ }
multi.setHeaderEncoding(charEncoding);
skipPreamble = true;
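Review bot: The catch on the new `try` maps every `IllegalArgumentException` raised by the `MultipartStream` constructor to an invalid-boundary `InvalidContentTypeException`; the guard visible in MultipartStream.java fires when the boundary does not fit the buffer, but any other argument check in that constructor (not visible here) would surface under the same client-facing message. A comment at the catch would make the assumption explicit: `// MultipartStream rejects a boundary that does not fit its buffer with an IAE; the boundary comes from the client's Content-Type, so report it as an invalid content type rather than a server error`. The enclosing method continues on both sides of the hunk.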
@@ -969,7 +973,7 @@
* detail message.
*/
public InvalidContentTypeException() {
- // Nothing to do.
+ super();
}
/**
@@ -981,6 +985,10 @@
public InvalidContentTypeException(String message) {
super(message);
}
+
+ public InvalidContentTypeException(String message, Exception cause) {
+ super(message, cause);
+ }
}
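Review bot: The new `InvalidContentTypeException(String message, Exception cause)` carries no Javadoc while the sibling constructors just above it are documented in the file's style. Add a block comment along the lines of `/** Constructs an InvalidContentTypeException with the specified detail message and cause. @param message The detail message. @param cause The cause of this exception. */`. Declaring the parameter as `Throwable cause` would mirror `Exception(String, Throwable)` and let callers chain any cause; the only caller in this commit passes an `IllegalArgumentException`, which either signature accepts.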
/**
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java 2014-01-29 11:44:13 UTC (rev 2358)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java 2014-02-06 13:31:30 UTC (rev 2359)
@@ -302,8 +302,11 @@
// We prepend CR/LF to the boundary to chop trailing CR/LF from
// body-data tokens.
- this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+ if (bufSize < this.boundaryLength + 1) {
+ throw MESSAGES.multipartStreamBufferSizeTooSmall();
+ }
+ this.boundary = new byte[this.boundaryLength];
this.keepRegion = this.boundary.length;
System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
BOUNDARY_PREFIX.length);
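Review bot: The new size guard `bufSize < this.boundaryLength + 1` has no explanation of the `+ 1`, and this condition is what closes the DoS named in the commit log, so a why-comment is warranted: `// The buffer must hold the whole boundary plus at least one further byte; presumably with a smaller buffer the boundary search can never advance, which is the DoS this check closes (CVE-2014-0050)`. The guard runs after `this.boundaryLength` is set but before `this.boundary` is allocated, so a rejected call leaves no partially built array behind; the rest of the constructor, including where `bufSize` is consumed, lies outside the hunk.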
Modified: branches/7.4.x/src/main/java/org/jboss/web/FileUploadMessages.java
===================================================================
--- branches/7.4.x/src/main/java/org/jboss/web/FileUploadMessages.java 2014-01-29 11:44:13 UTC (rev 2358)
+++ branches/7.4.x/src/main/java/org/jboss/web/FileUploadMessages.java 2014-02-06 13:31:30 UTC (rev 2359)
@@ -122,4 +122,10 @@
@Message(id = 8228, value = "Invalid file name: %s")
String invalidFileName(String fileName);
+ @Message(id = 8229, value = "The boundary specified in the %s header is too long")
+ String invalidBoundary(String header);
+
+ @Message(id = 8230, value = "The buffer size specified for the MultipartStream is too small")
+ IllegalArgumentException multipartStreamBufferSizeTooSmall();
+
}
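Review bot: The two additions are written in different shapes: `invalidBoundary` returns a `String` like the existing `invalidFileName`, while `multipartStreamBufferSizeTooSmall` returns a ready-made `IllegalArgumentException`, so one call site throws the bundle's result directly (`throw MESSAGES.multipartStreamBufferSizeTooSmall();`) and the other wraps the string in an exception itself. Both forms are supported by `@Message`, but mixing them in one bundle makes the call sites read differently; the String form matches every other method visible here. If the exception-returning form is kept, a Javadoc line stating that the method builds but does not throw the exception would help readers.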