Author: jfrederic.clere(a)jboss.com
Date: 2011-11-24 05:05:31 -0500 (Thu, 24 Nov 2011)
New Revision: 1872
Modified:
branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java
Log:
Fix CVE-2011-2526.
Modified: branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java
===================================================================
--- branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java 2011-11-24 08:23:37
UTC (rev 1871)
+++ branches/2.1.x/java/org/apache/tomcat/util/net/AprEndpoint.java 2011-11-24 10:05:31
UTC (rev 1872)
@@ -301,7 +301,7 @@
/**
* Use sendfile for sending static files.
*/
- protected boolean useSendfile = Library.APR_HAS_SENDFILE;
+ protected boolean useSendfile = false; /* CVE-2011-2526 */
public void setUseSendfile(boolean useSendfile) { this.useSendfile = useSendfile; }
public boolean getUseSendfile() { return useSendfile; }
Show replies by date