Author: jfrederic.clere(a)jboss.com
Date: 2011-09-09 11:40:08 -0400 (Fri, 09 Sep 2011)
New Revision: 1836
Modified:
branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java
branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java
branches/2.1.x/webapps/docs/changelog.xml
Log:
Arrange the patch we had long ago for a customer case.
Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:26:54 UTC
(rev 1835)
+++ branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:40:08 UTC
(rev 1836)
@@ -386,7 +386,8 @@
if(log.isDebugEnabled()) {
log.debug("Unexpected message: "+type);
}
- continue;
+ error = true;
+ break;
}
keptAlive = true;
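Review bot: The rejection of an unexpected AJP message type is still logged only at debug level, so with default logging nothing records that a connection was dropped on the new `error = true; break;` path. The changelog entry in this commit ties the change to CVE-2011-3190 (AJP message injection), so this is an event an operator would want to see; I would log it at warn, e.g. `log.warn("Unexpected message: "+type);`, in place of the guarded debug call. I would also add a comment above `error = true;` such as `// Do not resynchronise on an unexpected message; close the connection (CVE-2011-3190)`. The same applies to the matching hunk at -404 in AjpProcessor.java; the enclosing method starts and ends outside both hunks.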
@@ -1011,7 +1012,7 @@
flush();
// read remaining data from the special first-body-chunk
- if (first && request.getContentLength() > 0) {
+ if (first && request.getContentLengthLong() > 0) {
try {
receive();
} catch (IOException e) {
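Review bot: The comment above the first-body-chunk check does not say why the long accessor is needed, and the reason is not obvious from `getContentLengthLong() > 0` alone. Presumably the int-valued `getContentLength()` cannot report a declared length above Integer.MAX_VALUE, in which case the first body chunk would have been left unread on the connection; if that is the intent, a comment such as `// use the long value: the int accessor cannot represent bodies over 2 GB` would record it. The same change appears at -1013 in AjpProcessor.java and would take the same comment. The enclosing method and the body of the catch block lie outside the hunk.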
Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:26:54 UTC
(rev 1835)
+++ branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:40:08 UTC
(rev 1836)
@@ -404,7 +404,8 @@
if(log.isDebugEnabled()) {
log.debug("Unexpected message: "+type);
}
- continue;
+ error = true;
+ break;
}
request.setStartTime(System.currentTimeMillis());
@@ -1013,7 +1014,7 @@
// read remaining data from the special first-body-chunk
- if (first && request.getContentLength() > 0) {
+ if (first && request.getContentLengthLong() > 0) {
try {
receive();
} catch (IOException e) {
Modified: branches/2.1.x/webapps/docs/changelog.xml
===================================================================
--- branches/2.1.x/webapps/docs/changelog.xml 2011-09-09 15:26:54 UTC (rev 1835)
+++ branches/2.1.x/webapps/docs/changelog.xml 2011-09-09 15:40:08 UTC (rev 1836)
@@ -15,6 +15,16 @@
</properties>
<body>
+<section name="JBoss Web 2.1.13.GA (jfclere)">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
(markt)
+ </fix>
+ </changelog>
+ </subsection>
+</section>
+
<section name="JBoss Web 2.1.12.GA (jfclere)">
<subsection name="Catalina">
<changelog>