JBossWeb SVN: r2434 - branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/src/main/java/org/apache/tomcat/util/net/jsse.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2014-05-30 10:36:37 -0400 (Fri, 30 May 2014)
New Revision: 2434
Modified:
branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
Log:
[BZ-1103019] merge fix
Modified: branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2014-05-30 13:30:50 UTC (rev 2433)
+++ branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2014-05-30 14:36:37 UTC (rev 2434)
@@ -205,7 +205,12 @@
SSLSupport.CipherData c_aux[]=ciphers;
if (session == null)
return null;
- Integer keySize = (Integer) keySizeCache.get(session);
+
+ Integer keySize = null;
+ synchronized(keySizeCache) {
+ keySize = keySizeCache.get(session);
+ }
+
if (keySize == null) {
int size = 0;
String cipherSuite = session.getCipherSuite();
@@ -216,7 +221,9 @@
}
}
keySize = new Integer(size);
- keySizeCache.put(session, keySize);
+ synchronized(keySizeCache) {
+ keySizeCache.put(session, keySize);
+ }
}
return keySize;
}
Property changes on: branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
___________________________________________________________________
Added: svn:mergeinfo
+ /branches/7.3.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java:2431
11 years, 5 months
JBossWeb SVN: r2433 - branches.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2014-05-30 09:30:50 -0400 (Fri, 30 May 2014)
New Revision: 2433
Added:
branches/JBOSSWEB_7_3_1_FINAL_BZ-1103019/
Log:
[BZ-1103019] create one-off branch
11 years, 5 months
JBossWeb SVN: r2432 - branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2014-05-30 00:17:24 -0400 (Fri, 30 May 2014)
New Revision: 2432
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
Log:
[JBWEB-300] synchronize JSSESupport keySizeCache access
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2014-05-30 04:13:41 UTC (rev 2431)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2014-05-30 04:17:24 UTC (rev 2432)
@@ -205,7 +205,12 @@
SSLSupport.CipherData c_aux[]=ciphers;
if (session == null)
return null;
- Integer keySize = (Integer) keySizeCache.get(session);
+
+ Integer keySize = null;
+ synchronized(keySizeCache) {
+ keySize = keySizeCache.get(session);
+ }
+
if (keySize == null) {
int size = 0;
String cipherSuite = session.getCipherSuite();
@@ -216,7 +221,9 @@
}
}
keySize = new Integer(size);
- keySizeCache.put(session, keySize);
+ synchronized(keySizeCache) {
+ keySizeCache.put(session, keySize);
+ }
}
return keySize;
}
11 years, 5 months
JBossWeb SVN: r2431 - branches/7.3.x/src/main/java/org/apache/tomcat/util/net/jsse.
by jbossweb-commits@lists.jboss.org
Author: aogburn
Date: 2014-05-30 00:13:41 -0400 (Fri, 30 May 2014)
New Revision: 2431
Modified:
branches/7.3.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
Log:
[JBWEB-300] synchronize JSSESupport keySizeCache access
Modified: branches/7.3.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- branches/7.3.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2014-05-28 09:23:51 UTC (rev 2430)
+++ branches/7.3.x/src/main/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2014-05-30 04:13:41 UTC (rev 2431)
@@ -205,7 +205,12 @@
SSLSupport.CipherData c_aux[]=ciphers;
if (session == null)
return null;
- Integer keySize = (Integer) keySizeCache.get(session);
+
+ Integer keySize = null;
+ synchronized(keySizeCache) {
+ keySize = keySizeCache.get(session);
+ }
+
if (keySize == null) {
int size = 0;
String cipherSuite = session.getCipherSuite();
@@ -216,7 +221,9 @@
}
}
keySize = new Integer(size);
- keySizeCache.put(session, keySize);
+ synchronized(keySizeCache) {
+ keySizeCache.put(session, keySize);
+ }
}
return keySize;
}
11 years, 5 months
JBossWeb SVN: r2430 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-05-28 05:23:51 -0400 (Wed, 28 May 2014)
New Revision: 2430
Added:
tags/JBOSSWEB_7_4_4_FINAL/
Log:
New 7.4.4 web build.
11 years, 5 months
JBossWeb SVN: r2429 - branches/7.4.x.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-05-28 05:23:17 -0400 (Wed, 28 May 2014)
New Revision: 2429
Modified:
branches/7.4.x/pom.xml
Log:
New 7.4.4 web build.
Modified: branches/7.4.x/pom.xml
===================================================================
--- branches/7.4.x/pom.xml 2014-05-28 08:30:29 UTC (rev 2428)
+++ branches/7.4.x/pom.xml 2014-05-28 09:23:17 UTC (rev 2429)
@@ -33,7 +33,7 @@
<groupId>org.jboss.web</groupId>
<artifactId>jbossweb</artifactId>
- <version>7.4.3.Final</version>
+ <version>7.4.4.Final</version>
<name>JBoss Web</name>
<description>Servlet 3.0 container</description>
11 years, 5 months
JBossWeb SVN: r2428 - branches/7.4.x/src/main/java/org/apache/coyote/http11/filters.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-05-28 04:30:29 -0400 (Wed, 28 May 2014)
New Revision: 2428
Modified:
branches/7.4.x/src/main/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
Log:
Port CVE-2014-0075: Avoid overflow and use bit shift instead.
Modified: branches/7.4.x/src/main/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java 2014-05-28 08:20:59 UTC (rev 2427)
+++ branches/7.4.x/src/main/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java 2014-05-28 08:30:29 UTC (rev 2428)
@@ -269,7 +269,7 @@
int result = 0;
boolean eol = false;
boolean crfound = false;
- boolean readDigit = false;
+ int readDigit = 0;
boolean trailer = false;
while (!eol) {
@@ -296,10 +296,10 @@
throw MESSAGES.invalidChunkHeader();
} else if (!trailer) {
//don't read data after the trailer
- if (HexUtils.DEC[buf[pos] & 0xff] != -1) {
- readDigit = true;
- result *= 16;
- result += HexUtils.DEC[buf[pos]];
+ int charValue = HexUtils.DEC[buf[pos] & 0xff];
+ if (charValue != -1 && readDigit < 8) {
+ readDigit++;
+ result = (result << 4) | charValue;
} else {
//we shouldn't allow invalid, non hex characters
//in the chunked header
@@ -311,7 +311,7 @@
}
- if (!readDigit || (result < 0))
+ if (readDigit == 0 || (result < 0))
throw MESSAGES.invalidChunkHeader();
if (result == 0)
11 years, 5 months
JBossWeb SVN: r2427 - in branches/7.4.x/src/main/java/org: apache/jasper/compiler and 3 other directories.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-05-28 04:20:59 -0400 (Wed, 28 May 2014)
New Revision: 2427
Added:
branches/7.4.x/src/main/java/org/apache/tomcat/util/security/
branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedGetTccl.java
branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java
Modified:
branches/7.4.x/src/main/java/org/apache/catalina/servlets/DefaultServlet.java
branches/7.4.x/src/main/java/org/apache/jasper/compiler/JspDocumentParser.java
branches/7.4.x/src/main/java/org/jboss/web/CatalinaMessages.java
Log:
Port fixes for CVE-2014-0119 (low) and CVE-2014-0096: Issue using global XSLT in the default servlet (not used in EAP), and leak issue using XML parsing in Jasper.
Modified: branches/7.4.x/src/main/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/catalina/servlets/DefaultServlet.java 2014-05-28 07:21:40 UTC (rev 2426)
+++ branches/7.4.x/src/main/java/org/apache/catalina/servlets/DefaultServlet.java 2014-05-28 08:20:59 UTC (rev 2427)
@@ -36,8 +36,10 @@
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
+import java.security.AccessController;
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.Locale;
import java.util.StringTokenizer;
import javax.naming.InitialContext;
@@ -53,10 +55,14 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
@@ -70,6 +76,12 @@
import org.apache.naming.resources.ProxyDirContext;
import org.apache.naming.resources.Resource;
import org.apache.naming.resources.ResourceAttributes;
+import org.apache.tomcat.util.security.PrivilegedGetTccl;
+import org.apache.tomcat.util.security.PrivilegedSetTccl;
+import org.w3c.dom.Document;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.ext.EntityResolver2;
/**
@@ -84,7 +96,10 @@
public class DefaultServlet
extends HttpServlet {
+ private static final DocumentBuilderFactory factory;
+ private static final SecureEntityResolver secureEntityResolver;
+
// ----------------------------------------------------- Instance Variables
@@ -190,6 +205,16 @@
urlEncoder.addSafeCharacter('.');
urlEncoder.addSafeCharacter('*');
urlEncoder.addSafeCharacter('/');
+
+ if (Globals.IS_SECURITY_ENABLED) {
+ factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ secureEntityResolver = new SecureEntityResolver();
+ } else {
+ factory = null;
+ secureEntityResolver = null;
+ }
}
@@ -1083,17 +1108,12 @@
* Decide which way to render. HTML or XML.
*/
protected InputStream render(String contextPath, CacheEntry cacheEntry)
- throws IOException, ServletException {
-
- InputStream xsltInputStream =
- findXsltInputStream(cacheEntry.context);
-
- if (xsltInputStream==null) {
+ throws IOException, ServletException {
+ Source xsltSource = findXsltInputStream(cacheEntry.context);
+ if (xsltSource == null) {
return renderHtml(contextPath, cacheEntry);
- } else {
- return renderXml(contextPath, cacheEntry, xsltInputStream);
}
-
+ return renderXml(contextPath, cacheEntry, xsltSource);
}
/**
@@ -1105,7 +1125,7 @@
*/
protected InputStream renderXml(String contextPath,
CacheEntry cacheEntry,
- InputStream xsltInputStream)
+ Source xsltSource)
throws IOException, ServletException {
StringBuilder sb = new StringBuilder();
@@ -1196,12 +1216,28 @@
sb.append("</listing>");
+ // Prevent possible memory leak. Ensure Transformer and
+ // TransformerFactory are not loaded from the web application.
+ ClassLoader original;
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedGetTccl pa = new PrivilegedGetTccl();
+ original = AccessController.doPrivileged(pa);
+ } else {
+ original = Thread.currentThread().getContextClassLoader();
+ }
+ try {
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedSetTccl pa =
+ new PrivilegedSetTccl(DefaultServlet.class.getClassLoader());
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(
+ DefaultServlet.class.getClassLoader());
+ }
- try {
TransformerFactory tFactory = TransformerFactory.newInstance();
Source xmlSource = new StreamSource(new StringReader(sb.toString()));
- Source xslSource = new StreamSource(xsltInputStream);
- Transformer transformer = tFactory.newTransformer(xslSource);
+ Transformer transformer = tFactory.newTransformer(xsltSource);
ByteArrayOutputStream stream = new ByteArrayOutputStream();
OutputStreamWriter osWriter = new OutputStreamWriter(stream, "UTF8");
@@ -1210,7 +1246,14 @@
osWriter.flush();
return (new ByteArrayInputStream(stream.toByteArray()));
} catch (TransformerException e) {
- throw new ServletException(MESSAGES.xslTransformerError(), e);
+ throw new ServletException("XSL transformer error", e);
+ } finally {
+ if (Globals.IS_SECURITY_ENABLED) {
+ PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(original);
+ }
}
}
@@ -1429,7 +1472,7 @@
/**
* Return the xsl template inputstream (if possible)
*/
- protected InputStream findXsltInputStream(DirContext directory)
+ protected Source findXsltInputStream(DirContext directory)
throws IOException, ServletException {
if (localXsltFile != null) {
@@ -1437,8 +1480,13 @@
Object obj = directory.lookup(localXsltFile);
if ((obj != null) && (obj instanceof Resource)) {
InputStream is = ((Resource) obj).streamContent();
- if (is != null)
- return is;
+ if (is != null) {
+ if (Globals.IS_SECURITY_ENABLED) {
+ return secureXslt(is);
+ } else {
+ return new StreamSource(is);
+ }
+ }
}
} catch (NamingException e) {
if (debug > 10)
@@ -1449,8 +1497,13 @@
if (contextXsltFile != null) {
InputStream is =
getServletContext().getResourceAsStream(contextXsltFile);
- if (is != null)
- return is;
+ if (is != null) {
+ if (Globals.IS_SECURITY_ENABLED) {
+ return secureXslt(is);
+ } else {
+ return new StreamSource(is);
+ }
+ }
if (debug > 10)
log("contextXsltFile '" + contextXsltFile + "' not found");
@@ -1459,20 +1512,24 @@
/* Open and read in file in one fell swoop to reduce chance
* chance of leaving handle open.
*/
- if (globalXsltFile!=null) {
- FileInputStream fis = null;
-
- try {
- File f = new File(globalXsltFile);
- if (f.exists()){
- fis =new FileInputStream(f);
+ if (globalXsltFile != null) {
+ File f = validateGlobalXsltFile();
+ if (f != null){
+ FileInputStream fis = null;
+ try {
+ fis = new FileInputStream(f);
byte b[] = new byte[(int)f.length()]; /* danger! */
fis.read(b);
- return new ByteArrayInputStream(b);
+ return new StreamSource(new ByteArrayInputStream(b));
+ } finally {
+ if (fis != null) {
+ try {
+ fis.close();
+ } catch (IOException ioe) {
+ // Ignore
+ }
+ }
}
- } finally {
- if (fis!=null)
- fis.close();
}
}
@@ -1481,6 +1538,90 @@
}
+ private File validateGlobalXsltFile() {
+
+ File result = null;
+ String base = System.getProperty("catalina.base");
+
+ if (base != null) {
+ File baseConf = new File(base, "conf");
+ result = validateGlobalXsltFile(baseConf);
+ }
+
+ if (result == null) {
+ String home = System.getProperty("catalina.home");
+ if (home != null && !home.equals(base)) {
+ File homeConf = new File(home, "conf");
+ result = validateGlobalXsltFile(homeConf);
+ }
+ }
+
+ return result;
+ }
+
+
+ private File validateGlobalXsltFile(File base) {
+ File candidate = new File(globalXsltFile);
+ if (!candidate.isAbsolute()) {
+ candidate = new File(base, globalXsltFile);
+ }
+
+ if (!candidate.isFile()) {
+ return null;
+ }
+
+ // First check that the resulting path is under the provided base
+ try {
+ if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {
+ return null;
+ }
+ } catch (IOException ioe) {
+ return null;
+ }
+
+ // Next check that an .xsl or .xslt file has been specified
+ String nameLower = candidate.getName().toLowerCase(Locale.ENGLISH);
+ if (!nameLower.endsWith(".xslt") && !nameLower.endsWith(".xsl")) {
+ return null;
+ }
+
+ return candidate;
+ }
+
+
+ private Source secureXslt(InputStream is) {
+ // Need to filter out any external entities
+ Source result = null;
+ try {
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ builder.setEntityResolver(secureEntityResolver);
+ Document document = builder.parse(is);
+ result = new DOMSource(document);
+ } catch (ParserConfigurationException e) {
+ if (debug > 0) {
+ log(e.getMessage(), e);
+ }
+ } catch (SAXException e) {
+ if (debug > 0) {
+ log(e.getMessage(), e);
+ }
+ } catch (IOException e) {
+ if (debug > 0) {
+ log(e.getMessage(), e);
+ }
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (IOException e) {
+ // Ignore
+ }
+ }
+ }
+ return result;
+ }
+
+
// -------------------------------------------------------- protected Methods
@@ -2152,4 +2293,29 @@
}
+ /**
+ * This is secure in the sense that any attempt to use an external entity
+ * will trigger an exception.
+ */
+ private static class SecureEntityResolver implements EntityResolver2 {
+
+ @Override
+ public InputSource resolveEntity(String publicId, String systemId)
+ throws SAXException, IOException {
+ throw new SAXException(MESSAGES.ignoredExternalEntity(publicId, systemId));
+ }
+
+ @Override
+ public InputSource getExternalSubset(String name, String baseURI)
+ throws SAXException, IOException {
+ throw new SAXException(MESSAGES.ignoredExternalSubset(name, baseURI));
+ }
+
+ @Override
+ public InputSource resolveEntity(String name, String publicId,
+ String baseURI, String systemId) throws SAXException,
+ IOException {
+ throw new SAXException(MESSAGES.ignoredExternalEntity(name, publicId, baseURI, systemId));
+ }
+ }
}
Modified: branches/7.4.x/src/main/java/org/apache/jasper/compiler/JspDocumentParser.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/jasper/compiler/JspDocumentParser.java 2014-05-28 07:21:40 UTC (rev 2426)
+++ branches/7.4.x/src/main/java/org/apache/jasper/compiler/JspDocumentParser.java 2014-05-28 08:20:59 UTC (rev 2427)
@@ -22,7 +22,7 @@
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-
+import java.security.AccessController;
import java.util.Iterator;
import java.util.List;
import java.util.jar.JarFile;
@@ -33,8 +33,11 @@
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
+import org.apache.jasper.Constants;
import org.apache.jasper.JasperException;
import org.apache.jasper.JspCompilationContext;
+import org.apache.tomcat.util.security.PrivilegedGetTccl;
+import org.apache.tomcat.util.security.PrivilegedSetTccl;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.Locator;
@@ -1365,30 +1368,59 @@
*
* @return The SAXParser
*/
- private static SAXParser getSAXParser(
- boolean validating,
- JspDocumentParser jspDocParser)
- throws Exception {
+ private static SAXParser getSAXParser(boolean validating,
+ JspDocumentParser jspDocParser) throws Exception {
- SAXParserFactory factory = SAXParserFactory.newInstance();
- factory.setNamespaceAware(true);
+ ClassLoader original;
+ if (Constants.IS_SECURITY_ENABLED) {
+ PrivilegedGetTccl pa = new PrivilegedGetTccl();
+ original = AccessController.doPrivileged(pa);
+ } else {
+ original = Thread.currentThread().getContextClassLoader();
+ }
+ try {
+ if (Constants.IS_SECURITY_ENABLED) {
+ PrivilegedSetTccl pa = new PrivilegedSetTccl(
+ JspDocumentParser.class.getClassLoader());
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(
+ JspDocumentParser.class.getClassLoader());
+ }
- // Preserve xmlns attributes
- factory.setFeature(
- "http://xml.org/sax/features/namespace-prefixes",
- true);
- factory.setValidating(validating);
- //factory.setFeature(
- // "http://xml.org/sax/features/validation",
- // validating);
-
- // Configure the parser
- SAXParser saxParser = factory.newSAXParser();
- XMLReader xmlReader = saxParser.getXMLReader();
- xmlReader.setProperty(LEXICAL_HANDLER_PROPERTY, jspDocParser);
- xmlReader.setErrorHandler(jspDocParser);
+ SAXParserFactory factory = SAXParserFactory.newInstance();
- return saxParser;
+ factory.setNamespaceAware(true);
+ // Preserve xmlns attributes
+ factory.setFeature(
+ "http://xml.org/sax/features/namespace-prefixes", true);
+
+ factory.setValidating(validating);
+ if (validating) {
+ // Enable DTD validation
+ factory.setFeature("http://xml.org/sax/features/validation",
+ true);
+ // Enable schema validation
+ factory.setFeature(
+ "http://apache.org/xml/features/validation/schema",
+ true);
+ }
+
+ // Configure the parser
+ SAXParser saxParser = factory.newSAXParser();
+ XMLReader xmlReader = saxParser.getXMLReader();
+ xmlReader.setProperty(LEXICAL_HANDLER_PROPERTY, jspDocParser);
+ xmlReader.setErrorHandler(jspDocParser);
+
+ return saxParser;
+ } finally {
+ if (Constants.IS_SECURITY_ENABLED) {
+ PrivilegedSetTccl pa = new PrivilegedSetTccl(original);
+ AccessController.doPrivileged(pa);
+ } else {
+ Thread.currentThread().setContextClassLoader(original);
+ }
+ }
}
/*
Added: branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedGetTccl.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedGetTccl.java (rev 0)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedGetTccl.java 2014-05-28 08:20:59 UTC (rev 2427)
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.security;
+
+import java.security.PrivilegedAction;
+
+public class PrivilegedGetTccl implements PrivilegedAction<ClassLoader> {
+ @Override
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+}
+
+
Added: branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java (rev 0)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java 2014-05-28 08:20:59 UTC (rev 2427)
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.security;
+
+import java.security.PrivilegedAction;
+
+public class PrivilegedSetTccl implements PrivilegedAction<Void> {
+
+ private ClassLoader cl;
+
+ public PrivilegedSetTccl(ClassLoader cl) {
+ this.cl = cl;
+ }
+
+ @Override
+ public Void run() {
+ Thread.currentThread().setContextClassLoader(cl);
+ return null;
+ }
+}
\ No newline at end of file
Modified: branches/7.4.x/src/main/java/org/jboss/web/CatalinaMessages.java
===================================================================
--- branches/7.4.x/src/main/java/org/jboss/web/CatalinaMessages.java 2014-05-28 07:21:40 UTC (rev 2426)
+++ branches/7.4.x/src/main/java/org/jboss/web/CatalinaMessages.java 2014-05-28 08:20:59 UTC (rev 2427)
@@ -1023,4 +1023,10 @@
@Message(id = 377, value = "Error getting keys")
String errorGettingKeys();
+ @Message(id = 378, value = "Ignored external entity %s %s %s %s")
+ String ignoredExternalEntity(String name, String publicId, String baseUri, String systemId);
+
+ @Message(id = 379, value = "Ignored external subset %s %s")
+ String ignoredExternalSubset(String publicId, String systemId);
+
}
11 years, 5 months
JBossWeb SVN: r2426 - branches/7.4.x/src/main/java/org/apache/tomcat/util/buf.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-05-28 03:21:40 -0400 (Wed, 28 May 2014)
New Revision: 2426
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/buf/Ascii.java
Log:
Port patch for CVE-2014-0099: Fix possible overflow when parsing long values from a byte array.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/buf/Ascii.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/buf/Ascii.java 2014-05-27 07:33:58 UTC (rev 2425)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/buf/Ascii.java 2014-05-28 07:21:40 UTC (rev 2426)
@@ -41,6 +41,8 @@
private static final boolean[] isWhite = new boolean[256];
private static final boolean[] isDigit = new boolean[256];
+ private static final long OVERFLOW_LIMIT = Long.MAX_VALUE / 10;
+
/*
* Initialize character translation and type tables.
*/
@@ -187,8 +189,7 @@
* @exception NumberFormatException if the long format was invalid
*/
public static long parseLong(byte[] b, int off, int len)
- throws NumberFormatException
- {
+ throws NumberFormatException {
int c;
if (b == null || len <= 0 || !isDigit(c = b[off++])) {
@@ -196,20 +197,13 @@
}
long n = c - '0';
- long m;
-
while (--len > 0) {
- if (!isDigit(c = b[off++])) {
+ if (isDigit(c = b[off++])
+ && (n < OVERFLOW_LIMIT || (n == OVERFLOW_LIMIT && (c - '0') < 8))) {
+ n = n * 10 + c - '0';
+ } else {
throw new NumberFormatException();
}
- m = n * 10 + c - '0';
-
- if (m < n) {
- // Overflow
- throw new NumberFormatException();
- } else {
- n = m;
- }
}
return n;
11 years, 5 months
JBossWeb SVN: r2425 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-05-27 03:33:58 -0400 (Tue, 27 May 2014)
New Revision: 2425
Added:
tags/JBOSSWEB_7_4_3_FINAL/
Log:
New 7.4.3 web build.
11 years, 5 months