File tomcat-8.0.53-CVE-2023-41080.patch of Package tomcat.37363
From 77c0ce2d169efa248b64b992e547aad549ec906b Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 22 Aug 2023 11:31:23 -0700
Subject: [PATCH] Avoid protocol relative redirects
---
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/authenticator/FormAuthenticator.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -664,6 +664,12 @@ public class FormAuthenticator
sb.append('?');
sb.append(saved.getQueryString());
}
+
+ // Avoid protocol relative redirects
+ while (sb.length() > 1 && sb.charAt(1) == '/') {
+ sb.deleteCharAt(0);
+ }
+
return (sb.toString());
}
Index: apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-8.0.53-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
@@ -156,6 +156,9 @@
used and if something accidently exposes the class loader this method
can be used to gain access to Tomcat internals. (markt)
</add>
+ <fix>
+ Avoid protocol relative redirects in FORM authentication. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">