Author: jfrederic.clere(a)jboss.com
Date: 2011-09-09 11:26:54 -0400 (Fri, 09 Sep 2011)
New Revision: 1835
Modified:
trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
trunk/java/org/apache/coyote/ajp/AjpProcessor.java
trunk/webapps/docs/changelog.xml
Log:
Arrange the patch we had long ago for a customer case.
Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 14:28:58 UTC (rev
1834)
+++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-09-09 15:26:54 UTC (rev
1835)
@@ -456,7 +456,8 @@
if(log.isDebugEnabled()) {
log.debug("Unexpected message: "+type);
}
- continue;
+ error = true;
+ break;
}
keptAlive = true;
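Review bot: The unexpected-message branch now ends the loop with `error = true; break;`, but the only trace it leaves is the `log.debug` call, so with default logging an operator sees an AJP connection dropped and no reason for it. The changelog entry in this commit ties the change to CVE-2011-3190 (AJP message injection), so the event is worth recording at a level that is normally enabled, for example `log.warn("Unexpected message: "+type);` without the `isDebugEnabled()` guard. A short why-comment above the new lines would also help, such as `// Unexpected type: the stream may be out of sync, stop processing instead of reading on (CVE-2011-3190)`. The same applies to the identical hunk in AjpProcessor.java (`@@ -472,7 +472,8 @@`). The enclosing loop starts and ends outside the hunk, so how `error` is handled after the `break` cannot be confirmed from here.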
@@ -1095,7 +1096,7 @@
flush();
// read remaining data from the special first-body-chunk
- if (first && request.getContentLength() > 0) {
+ if (first && request.getContentLengthLong() > 0) {
try {
receive();
} catch (IOException e) {
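Review bot: The condition gives no reason for switching from `getContentLength()` to `getContentLengthLong()`, and a later cleanup could easily revert it. Presumably the int accessor cannot return a positive value for a body larger than an int can hold, in which case `receive()` would be skipped and the rest of the first body chunk left unread on the connection; that should be confirmed against the accessor, which is not visible here. A comment on the condition would record it, for example `// compare the long value: the int length is not reliable for very large bodies and unread body data must not stay on the connection`. The same applies to the matching hunk in AjpProcessor.java (`@@ -1106,7 +1107,7 @@`). The method and the `catch` block continue outside the hunk.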
Modified: trunk/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 14:28:58 UTC (rev 1834)
+++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011-09-09 15:26:54 UTC (rev 1835)
@@ -472,7 +472,8 @@
if(log.isDebugEnabled()) {
log.debug("Unexpected message: "+type);
}
- continue;
+ error = true;
+ break;
}
request.setStartTime(System.currentTimeMillis());
@@ -1106,7 +1107,7 @@
// read remaining data from the special first-body-chunk
- if (first && request.getContentLength() > 0) {
+ if (first && request.getContentLengthLong() > 0) {
try {
receive();
} catch (IOException e) {
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2011-09-09 14:28:58 UTC (rev 1834)
+++ trunk/webapps/docs/changelog.xml 2011-09-09 15:26:54 UTC (rev 1835)
@@ -24,6 +24,13 @@
</update>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
(markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="JBoss Web 7.0.1.Final (remm)">