Author: jfrederic.clere(a)jboss.com
Date: 2011-11-24 05:10:19 -0500 (Thu, 24 Nov 2011)
New Revision: 1873
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/tomcat/util/net/AprEndpoint.java
Log:
Fix for CVE-2011-2526.
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/tomcat/util/net/AprEndpoint.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/tomcat/util/net/AprEndpoint.java 2011-11-24
10:05:31 UTC (rev 1872)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/tomcat/util/net/AprEndpoint.java 2011-11-24
10:10:19 UTC (rev 1873)
@@ -301,7 +301,7 @@
/**
* Use endfile for sending static files.
*/
- protected boolean useSendfile = Library.APR_HAS_SENDFILE;
+ protected boolean useSendfile = false; /* CVE-2011-2526 */
public void setUseSendfile(boolean useSendfile) { this.useSendfile = useSendfile; }
public boolean getUseSendfile() { return useSendfile; }