File tomcat-8.0.53-CVE-2023-28709.patch of Package tomcat.37363
@@ -0,0 +1,30 @@
From fbd81421629afe8b8a3922d59020cde81caea861 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 11 Apr 2023 16:41:44 +0100
Subject: [PATCH] Fix parameter counting logic
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/http/Parameters.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/http/Parameters.java
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/http/Parameters.java
@@ -195,14 +195,14 @@ public final class Parameters {
return;
}
- parameterCount ++;
- if (limit > -1 && parameterCount > limit) {
+ if (limit > -1 && parameterCount >= limit) {
// Processing this parameter will push us over the limit. ISE is
// what Request.parseParts() uses for requests that are too big
setParseFailedReason(FailReason.TOO_MANY_PARAMETERS);
throw new IllegalStateException(sm.getString(
"parameters.maxCountFail", Integer.valueOf(limit)));
}
+ parameterCount++;
ArrayList<String> values = paramHashValues.get(key);
if (values == null) {