File tomcat-8.0.53-CVE-2020-13935.patch of Package tomcat.17113

Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/websocket/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/LocalStrings.properties
@@ -66,6 +66,7 @@ wsFrame.partialHeaderComplete=WebSocket
 wsFrame.sessionClosed=The client data cannot be processed because the session has already been closed
 wsFrame.textMessageTooBig=The decoded text message was too big for the output buffer and the endpoint does not support partial messages
 wsFrame.wrongRsv=The client frame set the reserved bits to [{0}] for a message with opCode [{1}] which was not supported by this endpoint
+wsFrame.payloadMsbInvalid=An invalid WebSocket frame was received - the most significant bit of a 64-bit payload was illegally set
 
 wsFrameClient.ioe=Failure while reading data sent by server
 
@@ -131,4 +132,4 @@ wsWebSocketContainer.missingLocationHead
 wsWebSocketContainer.redirectThreshold=Cyclic Location header [{0}] detected / reached max number of redirects [{1}] of max [{2}]
 wsWebSocketContainer.unsupportedAuthScheme=Failed to handle HTTP response code [{0}]. Unsupported Authentication scheme [{1}] returned in response
 wsWebSocketContainer.failedAuthentication=Failed to handle HTTP response code [{0}]. Authentication header was not accepted by server.
-wsWebSocketContainer.missingWWWAuthenticateHeader=Failed to handle HTTP response code [{0}]. Missing WWW-Authenticate header in response
\ No newline at end of file
+wsWebSocketContainer.missingWWWAuthenticateHeader=Failed to handle HTTP response code [{0}]. Missing WWW-Authenticate header in response
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/WsFrameBase.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/websocket/WsFrameBase.java
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/WsFrameBase.java
@@ -260,6 +260,10 @@ public abstract class WsFrameBase {
             readPos += 2;
         } else if (payloadLength == 127) {
             payloadLength = byteArrayToLong(inputBuffer, readPos, 8);
+            if (payloadLength < 0) {
+                throw new WsIOException(
+                        new CloseReason(CloseCodes.PROTOCOL_ERROR, sm.getString("wsFrame.payloadMsbInvalid")));
+            }
             readPos += 8;
         }
         if (Util.isControl(opCode)) {
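Review bot: The added `if (payloadLength < 0)` guard in the `payloadLength == 127` branch has no comment explaining why a negative length is a protocol violation; it works only because the 8-byte value from `byteArrayToLong` is presumably held in a signed `long`, so a set top bit shows up as a negative number. I would put this above the check: `// RFC 6455 section 5.2: the most significant bit of the 64-bit payload length must be 0; if it is set, the value read here is negative.` The guard rejects only that one case. Whether very large positive lengths are bounded against buffer or message size limits is decided elsewhere in the method, which starts and ends outside this hunk, so that cannot be confirmed from here. A regression test that feeds a frame with length indicator 127 and the high bit set, and expects a close with `CloseCodes.PROTOCOL_ERROR`, would keep the check from being dropped in a later backport.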