File tomcat-8.0.53-CVE-2022-23181.patch of Package tomcat.37363
From 97943959ba721ad5e8e8ba765a68d2b153348530 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 12 Jan 2022 11:11:29 +0000
Subject: [PATCH] Make calculation of session storage location more robust
---
java/org/apache/catalina/session/FileStore.java | 5 +++--
webapps/docs/changelog.xml | 4 ++++
2 files changed, 7 insertions(+), 2 deletions(-)
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/session/FileStore.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/session/FileStore.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/session/FileStore.java
@@ -350,13 +350,14 @@ public final class FileStore extends Sto
String filename = id + FILE_EXT;
File file = new File(storageDir, filename);
+ File canonicalFile = file.getCanonicalFile();
// Check the file is within the storage directory
- if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
+ if (!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
return null;
}
- return file;
+ return canonicalFile;
}
}
Index: apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-8.0.53-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
@@ -616,6 +616,10 @@
When generating a redirect to a directory in the Default Servlet, avoid
generating a protocol relative redirect. (markt)
</fix>
+ <fix>
+ Make the calculation of the session storage location more robust when
+ using file based persistent storage. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
