[jboss-cvs] Repository SVN: r27652 - apache-tomcat/5.5.9.patch08-brew/src.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Jul 7 20:26:24 EDT 2009
Author: dknox at redhat.com
Date: 2009-07-07 20:26:24 -0400 (Tue, 07 Jul 2009)
New Revision: 27652
Added:
apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2008-5515.patch
apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0033.patch
apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0580.patch
Log:
adding patch files for tag tomcat5-5_5_9-1_patch08_2_1jpp_1jb
Added: apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2008-5515.patch
===================================================================
--- apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2008-5515.patch (rev 0)
+++ apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2008-5515.patch 2009-07-08 00:26:24 UTC (rev 27652)
@@ -0,0 +1,312 @@
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Request.java 2009-06-09 11:38:56.000000000 +0200
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/connector/Request.java 2009-06-09 11:43:58.000000000 +0200
+@@ -1234,10 +1234,9 @@
+ int pos = requestPath.lastIndexOf('/');
+ String relative = null;
+ if (pos >= 0) {
+- relative = RequestUtil.normalize
+- (requestPath.substring(0, pos + 1) + path);
++ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+- relative = RequestUtil.normalize(requestPath + path);
++ relative = requestPath + path;
+ }
+
+ return (context.getServletContext().getRequestDispatcher(relative));
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java 2009-06-09 11:38:56.000000000 +0200
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java 2009-06-09 13:50:01.000000000 +0200
+@@ -42,6 +42,7 @@
+ import org.apache.catalina.Wrapper;
+ import org.apache.catalina.deploy.ApplicationParameter;
+ import org.apache.catalina.util.Enumerator;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.catalina.util.ResourceSet;
+ import org.apache.catalina.util.ServerInfo;
+ import org.apache.catalina.util.StringManager;
+@@ -386,7 +387,7 @@
+ path = path.substring(0, pos);
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -473,7 +474,7 @@
+ throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path));
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -522,10 +523,13 @@
+ */
+ public InputStream getResourceAsStream(String path) {
+
+- path = normalize(path);
+ if (path == null)
+ return (null);
+
++ path = RequestUtil.normalize(path);
++ if (path == null)
++ return null;
++
+ DirContext resources = context.getResources();
+ if (resources != null) {
+ try {
+@@ -549,7 +553,14 @@
+ */
+ public Set getResourcePaths(String path) {
+
+- path = normalize(path);
++ if (path == null)
++ return (null);
++
++ if (!path.startsWith("/")) {
++ throw new IllegalArgumentException
++ (sm.getString("applicationContext.requestDispatcher.iae", path));
++ }
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -859,41 +870,6 @@
+
+
+ /**
+- * Return a context-relative path, beginning with a "/", that represents
+- * the canonical version of the specified path after ".." and "." elements
+- * are resolved out. If the specified path attempts to go outside the
+- * boundaries of the current context (i.e. too many ".." path elements
+- * are present), return <code>null</code> instead.
+- *
+- * @param path Path to be normalized
+- */
+- private String normalize(String path) {
+-
+- String normalized = path;
+-
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+-
+- // Resolve occurrences of "/../" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/../");
+- if (index < 0)
+- break;
+- if (index == 0)
+- return (null); // Trying to go outside our context
+- int index2 = normalized.lastIndexOf('/', index - 1);
+- normalized = normalized.substring(0, index2) +
+- normalized.substring(index + 3);
+- }
+-
+- // Return the normalized path that we have completed
+- return (normalized);
+-
+- }
+-
+-
+- /**
+ * Merge the context initialization parameters specified in the application
+ * deployment descriptor with the application parameters described in the
+ * server configuration, respecting the <code>override</code> property of
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java 2005-03-26 20:23:59.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java 2009-06-09 11:43:58.000000000 +0200
+@@ -317,10 +317,9 @@
+ int pos = requestPath.lastIndexOf('/');
+ String relative = null;
+ if (pos >= 0) {
+- relative = RequestUtil.normalize
+- (requestPath.substring(0, pos + 1) + path);
++ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+- relative = RequestUtil.normalize(requestPath + path);
++ relative = requestPath + path;
+ }
+
+ return (context.getServletContext().getRequestDispatcher(relative));
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2009-06-09 11:38:56.000000000 +0200
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java 2009-06-09 12:05:03.000000000 +0200
+@@ -1340,70 +1340,6 @@
+
+ }
+
+- /**
+- * Return a context-relative path, beginning with a "/", that represents
+- * the canonical version of the specified path after ".." and "." elements
+- * are resolved out. If the specified path attempts to go outside the
+- * boundaries of the current context (i.e. too many ".." path elements
+- * are present), return <code>null</code> instead.
+- *
+- * @param path Path to be normalized
+- */
+- protected String normalize(String path) {
+-
+- if (path == null)
+- return null;
+-
+- // Create a place for the normalized path
+- String normalized = path;
+-
+- if (normalized == null)
+- return (null);
+-
+- if (normalized.equals("/."))
+- return "/";
+-
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+- if (!normalized.startsWith("/"))
+- normalized = "/" + normalized;
+-
+- // Resolve occurrences of "//" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("//");
+- if (index < 0)
+- break;
+- normalized = normalized.substring(0, index) +
+- normalized.substring(index + 1);
+- }
+-
+- // Resolve occurrences of "/./" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/./");
+- if (index < 0)
+- break;
+- normalized = normalized.substring(0, index) +
+- normalized.substring(index + 2);
+- }
+-
+- // Resolve occurrences of "/../" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/../");
+- if (index < 0)
+- break;
+- if (index == 0)
+- return (null); // Trying to go outside our context
+- int index2 = normalized.lastIndexOf('/', index - 1);
+- normalized = normalized.substring(0, index2) +
+- normalized.substring(index + 3);
+- }
+-
+- // Return the normalized path that we have completed
+- return (normalized);
+-
+- }
+-
+
+ // -------------------------------------------------------- Private Methods
+
+@@ -1559,7 +1495,7 @@
+ }
+
+ // Normalise destination path (remove '.' and '..')
+- destinationPath = normalize(destinationPath);
++ destinationPath = RequestUtil.normalize(destinationPath);
+
+ String contextPath = req.getContextPath();
+ if ((contextPath != null) &&
+@@ -2306,7 +2242,7 @@
+ if (!toAppend.startsWith("/"))
+ toAppend = "/" + toAppend;
+
+- generatedXML.writeText(rewriteUrl(normalize(absoluteUri + toAppend)));
++ generatedXML.writeText(rewriteUrl(RequestUtil.normalize(absoluteUri + toAppend)));
+
+ generatedXML.writeElement(null, "href", XMLWriter.CLOSING);
+
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java 2005-03-26 20:24:01.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java 2009-06-09 12:06:25.000000000 +0200
+@@ -24,6 +24,8 @@
+ import javax.servlet.http.HttpServlet;
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpServletResponse;
++import org.apache.catalina.util.RequestUtil;
++
+ /**
+ * An implementation of SSIExternalResolver that is used with servlets.
+ *
+@@ -230,7 +232,7 @@
+ + pathWithoutContext);
+ }
+ String fullPath = prefix + path;
+- String retVal = SSIServletRequestUtil.normalize(fullPath);
++ String retVal = RequestUtil.normalize(fullPath);
+ if (retVal == null) {
+ throw new IOException("Normalization yielded null on path: "
+ + fullPath);
+@@ -264,7 +266,7 @@
+ if (!virtualPath.startsWith("/") && !virtualPath.startsWith("\\")) {
+ path = getAbsolutePath(virtualPath);
+ } else {
+- String normalized = SSIServletRequestUtil.normalize(virtualPath);
++ String normalized = RequestUtil.normalize(virtualPath);
+ if (isVirtualWebappRelative) {
+ path = normalized;
+ } else {
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java 2005-03-26 20:24:01.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java 2009-06-09 11:44:33.000000000 +0200
+@@ -41,7 +41,7 @@
+ if ((result == null) || (result.equals(""))) {
+ result = "/";
+ }
+- return normalize(result);
++ return RequestUtil.normalize(result);
+ }
+
+
+@@ -57,15 +57,9 @@
+ *
+ * @param path
+ * Path to be normalized
++ * @deprecated
+ */
+ public static String normalize(String path) {
+- if (path == null) return null;
+- String normalized = path;
+- //Why doesn't RequestUtil do this??
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+- normalized = RequestUtil.normalize(path);
+- return normalized;
++ return RequestUtil.normalize(path);
+ }
+ }
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/RequestUtil.java 2005-03-26 20:24:02.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/RequestUtil.java 2009-06-09 11:44:33.000000000 +0200
+@@ -147,6 +147,19 @@
+ * @param path Relative path to be normalized
+ */
+ public static String normalize(String path) {
++ return normalize(path, true);
++ }
++
++ /**
++ * Normalize a relative URI path that may have relative values ("/./",
++ * "/../", and so on ) it it. <strong>WARNING</strong> - This method is
++ * useful only for normalizing application-generated paths. It does not
++ * try to perform security checks for malicious input.
++ *
++ * @param path Relative path to be normalized
++ * @param replaceBackSlash Should '\\' be replaced with '/'
++ */
++ public static String normalize(String path, boolean replaceBackSlash) {
+
+ if (path == null)
+ return null;
+@@ -154,6 +167,9 @@
+ // Create a place for the normalized path
+ String normalized = path;
+
++ if (replaceBackSlash && normalized.indexOf('\\') >= 0)
++ normalized = normalized.replace('\\', '/');
++
+ if (normalized.equals("/."))
+ return "/";
+
Added: apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0033.patch
===================================================================
--- apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0033.patch (rev 0)
+++ apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0033.patch 2009-07-08 00:26:24 UTC (rev 27652)
@@ -0,0 +1,29 @@
+--- jakarta-tomcat-connectors/jk/java/org/apache/jk/common/ChannelSocket.java 2005-03-26 20:24:11.000000000 +0100
++++ jakarta-tomcat-connectors/jk/java/org/apache/jk/common/ChannelSocket.java 2009-06-09 15:08:33.000000000 +0200
+@@ -678,6 +678,7 @@
+ status= this.invoke( recv, ep );
+ if( status!= JkHandler.OK ) {
+ log.warn("processCallbacks status " + status );
++ ((Request)ep.getRequest()).getResponse().finish();
+ break;
+ }
+ }
+--- jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java 2005-03-26 20:24:11.000000000 +0100
++++ jakarta-tomcat-connectors/jk/java/org/apache/jk/common/HandlerRequest.java 2009-06-09 14:41:00.000000000 +0200
+@@ -367,8 +367,16 @@
+ ((Request)ep.getRequest()).unparsedURI());
+ }
+ } catch( Exception ex ) {
++ /* If we are here it is because we have a bad header or something like that */
+ log.error( "Error decoding request ", ex );
+ msg.dump( "Incomming message");
++ Response res= ((Request)ep.getRequest()).getResponse();
++ if ( res==null ) {
++ res=new Response();
++ ((Request)ep.getRequest()).setResponse(res);
++ }
++ res.setMessage("Bad Request");
++ res.setStatus(400);
+ return ERROR;
+ }
+
Added: apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0580.patch
===================================================================
--- apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0580.patch (rev 0)
+++ apache-tomcat/5.5.9.patch08-brew/src/tomcat5-5.5.9-CVE-2009-0580.patch 2009-07-08 00:26:24 UTC (rev 27652)
@@ -0,0 +1,41 @@
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java 2005-03-26 20:24:00.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java 2009-06-10 14:09:30.000000000 +0200
+@@ -269,8 +269,9 @@
+ */
+ public Principal authenticate(String username, String credentials) {
+
+- // No user - can't possibly authenticate, don't bother the database then
+- if (username == null) {
++ // No user or no credentials
++ // Can't possibly authenticate, don't bother the database then
++ if (username == null || credentials == null) {
+ return null;
+ }
+
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java 2005-03-26 20:24:00.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java 2009-06-10 14:09:30.000000000 +0200
+@@ -390,9 +390,10 @@
+ String username,
+ String credentials) {
+
+- // No user - can't possibly authenticate
+- if (username == null) {
+- return (null);
++ // No user or no credentials
++ // Can't possibly authenticate, don't bother the database then
++ if (username == null || credentials == null) {
++ return null;
+ }
+
+ // Look up the user's credentials
+--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java 2005-03-26 20:24:00.000000000 +0100
++++ jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java 2009-06-10 14:09:30.000000000 +0200
+@@ -159,7 +159,7 @@
+ (GenericPrincipal) principals.get(username);
+
+ boolean validated = false;
+- if (principal != null) {
++ if (principal != null && credentials != null) {
+ if (hasMessageDigest()) {
+ // Hex hashes should be compared case-insensitive
+ validated = (digest(credentials)
More information about the jboss-cvs-commits
mailing list