DISCONTINUED:openSUSE:10.3:Update
tomcat55
apache-tomcat-CVE-2007-5333.patch
File apache-tomcat-CVE-2007-5333.patch of Package tomcat55
--- apache-tomcat-5.5.23-src/connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
+++ apache-tomcat-5.5.23-src/connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
@@ -376,14 +376,20 @@
 }
 }
 try {
- Cookie cookie = new Cookie(scookie.getName().toString(),
- scookie.getValue().toString());
- cookie.setPath(scookie.getPath().toString());
- cookie.setVersion(scookie.getVersion());
+ // CVE-2007-5333 (bnc#360502)
+ /*
+ we must unescape the '\\' escape character
+ */
+ Cookie cookie = new Cookie(scookie.getName().toString(), null);
+ int version = scookie.getVersion();
+ cookie.setVersion(version);
+ cookie.setValue(unescape(scookie.getValue().toString()));
+ cookie.setPath(unescape(scookie.getPath().toString()));
 String domain = scookie.getDomain().toString();
- if (domain != null) {
- cookie.setDomain(scookie.getDomain().toString());
- }
+ // CVE-2007-5333 (bnc#360502)
+ if (domain != null) cookie.setDomain(unescape(domain));
+ String comment = scookie.getComment().toString();
+ cookie.setComment(version==1?unescape(comment):null);
 cookies[idx++] = cookie;
 } catch(Exception ex) {
 log("Bad Cookie Name: " + scookie.getName() +
@@ -400,6 +406,23 @@
 }
+ protected String unescape(String s) {
+ if (s==null) return null;
+ if (s.indexOf('\\') == -1) return s;
+ StringBuffer buf = new StringBuffer();
+ for (int i=0; i<s.length(); i++) {
+ char c = s.charAt(i);
+ if (c!='\\') buf.append(c);
+ else {
+ if (++i >= s.length()) throw new IllegalArgumentException();//invalid escape, hence invalid cookie
+ c = s.charAt(i);
+ buf.append(c);
+ }
+ }
+ return buf.toString();
+ }
+
+
 /**
 * Return a context-relative path, beginning with a "/", that represents
--- apache-tomcat-5.5.23-src/connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteResponse.java
+++ apache-tomcat-5.5.23-src/connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteResponse.java
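Review bot: The value, path and domain are passed through `unescape` for every cookie, while only the comment is gated on `version==1`, and nothing in the added comment says whether that asymmetry is deliberate. As written, a version 0 cookie whose value contains a backslash is altered, and one ending in a backslash is dropped through the trailing `catch(Exception ex)`, which logs it as "Bad Cookie Name" even though the name was fine. I would extend the block comment to something like `/* unescape '\\' in value, path and domain for all cookie versions; a dangling '\\' rejects the whole cookie (see catch below) */` and confirm that against the cookie parser, which is not part of this patch. The enclosing method starts and ends outside this hunk.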
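Review bot: `unescape` throws a bare `IllegalArgumentException` on a trailing backslash and has no Javadoc, so the contract its callers depend on (null passes through unchanged, a dangling escape invalidates the cookie) can only be learned by reading the loop. Add a Javadoc block stating that, and give the exception a fixed message that does not echo the cookie text into logs, e.g. `throw new IllegalArgumentException("dangling escape character in cookie attribute");`. The helper reads no instance state yet is declared `protected`, so unless subclasses are meant to override it `private static` would keep the class's extension surface smaller. The whole method lies inside this hunk.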
@@ -796,18 +796,20 @@ if (included) return; - cookies.add(cookie); - StringBuffer sb = new StringBuffer(); + // CVE-2007-5333 (bnc#360205) + //web application code can receive a IllegalArgumentException + //from the appendCookieValue invokation ServerCookie.appendCookieValue (sb, cookie.getVersion(), cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getComment(), cookie.getMaxAge(), cookie.getSecure()); + // if we reached here, no exception, cookie is valid // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 ) // RFC2965 is not supported by browsers and the Servlet spec // asks for 2109. addHeader("Set-Cookie", sb.toString()); - + cookies.add(cookie); }
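Review bot: Per the added comment, an `IllegalArgumentException` from `ServerCookie.appendCookieValue` can now reach web application code, but that is recorded only inline; it belongs in the method's Javadoc, which lies outside this hunk, for example `@throws IllegalArgumentException if the cookie cannot be serialised into a Set-Cookie header`. With `cookies.add(cookie)` moved below `addHeader`, the ordering is what keeps a rejected cookie out of the response's cookie list, so the `// if we reached here` comment would read better directly above that final line. The bug reference here is `bnc#360205` while the CoyoteAdapter hunks use `bnc#360502`; one of them looks transposed and should be confirmed. The comment also has the typo "invokation".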