File tomcat-8.0.53-CVE-2025-61795.patch of Package tomcat.41603
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/connector/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/LocalStrings.properties
@@ -75,6 +75,7 @@ outputBuffer.writeNull=The String argume
request.asyncNotSupported=A filter or servlet of the current chain does not support asynchronous operations.
request.notAsync=It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false)
+request.partCleanup.failed=Unable to delete temporary file for uploaded part after multi-part processing failed
requestFacade.nullRequest=The request object has been recycled and is no longer associated with this facade
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/Request.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/connector/Request.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/Request.java
@@ -2826,9 +2826,9 @@ public class Request
}
parts = new ArrayList<>();
+ List<FileItem> items = null;
try {
- List<FileItem> items =
- upload.parseRequest(new ServletRequestContext(this));
+ items = upload.parseRequest(new ServletRequestContext(this));
int maxPostSize = getConnector().getMaxPostSize();
int postSize = 0;
String enc = getCharacterEncoding();
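Review bot: When `upload.parseRequest(...)` itself throws, `items` is still null, so the cleanup loop added in the later hunk of this file (guarded by `if (items != null)`) never runs on that path. Temporary files written before the exception are then removed only if `parseRequest` cleans up after itself, which this patch does not show and which should be confirmed against the bundled fileupload code. I would record that dependency next to the declaration, for example `// stays null if parseRequest() throws; cleanup of partially parsed items is then parseRequest()'s job`. The enclosing method begins and ends outside the hunk.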
@@ -2905,6 +2905,24 @@ public class Request
// addParameters() will set parseFailedReason
checkSwallowInput();
partsParseException = e;
+ } finally {
+ /*
+ * GC will delete any temporary copies of uploaded files left in the work directory but if we know that the
+ * upload has failed then explicitly clean up now.
+ */
+ if (!success) {
+ parts.clear();
+ if (items != null) {
+ for (FileItem item : items) {
+ try {
+ item.delete();
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.warn(sm.getString("request.partCleanup.failed"), t);
+ }
+ }
+ }
+ }
}
} finally {
if (partsParseException != null || !success) {
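Review bot: The `log.warn` in the new `finally` block is reached only when `item.delete()` throws, so a delete that fails without an exception leaves the temporary file in place with nothing logged. Whether `FileItem.delete()` reports such a failure is not visible here; if the disk-backed implementation ignores the result of the underlying file delete, the absence of this warning does not show that cleanup worked. A comment above the loop such as `// best effort: delete() may fail silently; GC-based cleanup remains the fallback` would make that explicit, and free space in the work directory is still worth monitoring. `success` is assigned outside this hunk, and the method continues past it.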