Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:10.3:Update
tomcat55
apache-tomcat-CVE-2008-2938.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apache-tomcat-CVE-2008-2938.patch of Package tomcat55
--- apache-tomcat-5.5.23-src/connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java +++ apache-tomcat-5.5.23-src/connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java @@ -260,6 +260,12 @@ } } + // Check that the URI is still normalized + if (!checkNormalize(req.decodedURI())) { + res.setStatus(400); + res.setMessage("Invalid URI character encoding"); + return false; + } // Parse cookies parseCookies(req, request); @@ -664,6 +670,68 @@ } + /** + * Check that the URI is normalized following character decoding. + * <p> + * This method checks for "\", 0, "//", "/./" and "/../". This method will + * return false if sequences that are supposed to be normalized are still + * present in the URI. + * + * @param uriMB URI to be checked (should be chars) + */ + public static boolean checkNormalize(MessageBytes uriMB) { + + CharChunk uriCC = uriMB.getCharChunk(); + char[] c = uriCC.getChars(); + int start = uriCC.getStart(); + int end = uriCC.getEnd(); + + int pos = 0; + + // Check for '\' and 0 + for (pos = start; pos < end; pos++) { + if (c[pos] == '\\') { + return false; + } + if (c[pos] == 0) { + return false; + } + } + + // Check for "//" + for (pos = start; pos < (end - 1); pos++) { + if (c[pos] == '/') { + if (c[pos + 1] == '/') { + return false; + } + } + } + + // Check for ending with "/." or "/.." + if (((end - start) >= 2) && (c[end - 1] == '.')) { + if ((c[end - 2] == '/') + || ((c[end - 2] == '.') + && (c[end - 3] == '/'))) { + return false; + } + } + + // Check for "/./" + if (uriCC.indexOf("/./", 0, 3, 0) >= 0) { + return false; + } + + // Check for "/../" + if (uriCC.indexOf("/../", 0, 4, 0) >= 0) { + return false; + } + + return true; + + } + + + // ------------------------------------------------------ Protected Methods --- apache-tomcat-5.5.23-src/container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java +++ apache-tomcat-5.5.23-src/container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java @@ -327,6 +327,12 @@ return false; } + // Check that the URI is still normalized + if (!checkNormalize(req.decodedURI())) { + res.setStatus(400); + res.setMessage("Invalid URI character encoding"); + return false; + } // Parse session Id parseSessionCookiesId(req, request); @@ -599,6 +605,68 @@ } + /** + * Check that the URI is normalized following character decoding. + * <p> + * This method checks for "\", 0, "//", "/./" and "/../". This method will + * return false if sequences that are supposed to be normalized are still + * present in the URI. + * + * @param uriMB URI to be checked (should be chars) + */ + public static boolean checkNormalize(MessageBytes uriMB) { + + CharChunk uriCC = uriMB.getCharChunk(); + char[] c = uriCC.getChars(); + int start = uriCC.getStart(); + int end = uriCC.getEnd(); + + int pos = 0; + + // Check for '\' and 0 + for (pos = start; pos < end; pos++) { + if (c[pos] == '\\') { + return false; + } + if (c[pos] == 0) { + return false; + } + } + + // Check for "//" + for (pos = start; pos < (end - 1); pos++) { + if (c[pos] == '/') { + if (c[pos + 1] == '/') { + return false; + } + } + } + + // Check for ending with "/." or "/.." + if (((end - start) >= 2) && (c[end - 1] == '.')) { + if ((c[end - 2] == '/') + || ((c[end - 2] == '.') + && (c[end - 3] == '/'))) { + return false; + } + } + + // Check for "/./" + if (uriCC.indexOf("/./", 0, 3, 0) >= 0) { + return false; + } + + // Check for "/../" + if (uriCC.indexOf("/../", 0, 4, 0) >= 0) { + return false; + } + + return true; + + } + + + // ------------------------------------------------------ Protected Methods
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor