File tomcat-8.0.53-CVE-2023-42795.patch of Package tomcat.37363

Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/connector/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/LocalStrings.properties
@@ -50,6 +50,7 @@ coyoteRequest.attributeEvent=Exception t
 coyoteRequest.parseParameters=Exception thrown whilst processing POSTed parameters
 coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
 coyoteRequest.chunkedPostTooLarge=Parameters were not parsed because the size of the posted data was too big. Because this request was a chunked request, it could not be processed further. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
+coyoteRequest.deletePartFailed=Failed to deleted temporary file used for part [{0}]
 coyoteRequest.alreadyAuthenticated=This request has already been authenticated
 coyoteRequest.authenticate.ise=Cannot call authenticate() after the response has been committed
 coyoteRequest.uploadLocationInvalid=The temporary upload location [{0}] is not valid
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/core/ApplicationHttpRequest.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/core/ApplicationHttpRequest.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/core/ApplicationHttpRequest.java
@@ -39,9 +39,11 @@ import org.apache.catalina.Globals;
 import org.apache.catalina.Manager;
 import org.apache.catalina.Session;
 import org.apache.catalina.util.ParameterMap;
+import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.http.Parameters;
+import org.apache.tomcat.util.res.StringManager;
 
 
 /**
@@ -64,6 +66,7 @@ class ApplicationHttpRequest extends Htt
 
     // ------------------------------------------------------- Static Variables
 
+    private static final StringManager sm = StringManager.getManager(ApplicationHttpRequest.class);
 
     /**
      * The set of attribute names that are special for request dispatchers.
@@ -619,7 +622,12 @@ class ApplicationHttpRequest extends Htt
      */
     public void recycle() {
         if (session != null) {
-            session.endAccess();
+            try {
+                session.endAccess();
+            } catch (Throwable t) {
+                ExceptionUtils.handleThrowable(t);
+                context.getLogger().warn(sm.getString("applicationHttpRequest.sessionEndAccessFail"), t);
+            }
         }
     }
 
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/Request.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/connector/Request.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/connector/Request.java
@@ -471,8 +471,9 @@ public class Request
             for (Part part: parts) {
                 try {
                     part.delete();
-                } catch (IOException ignored) {
-                    // ApplicationPart.delete() never throws an IOEx
+                } catch (Throwable t) {
+                    ExceptionUtils.handleThrowable(t);
+                    log.warn(sm.getString("coyoteRequest.deletePartFailed", part.getName()), t);
                 }
             }
             parts = null;
@@ -522,8 +523,8 @@ public class Request
         asyncSupported = null;
         if (asyncContext!=null) {
             asyncContext.recycle();
+            asyncContext = null;
         }
-        asyncContext = null;
 
         pathParameters.clear();
     }
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/core/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/core/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/core/LocalStrings.properties
@@ -52,6 +52,7 @@ applicationFilterRegistration.nullInitPa
 applicationFilterRegistration.nullInitParams=Unable to set initialisation parameters for filter due to null name and/or value. Name [{0}], Value [{1}]
 applicationServletRegistration.setServletSecurity.iae=Null constraint specified for servlet [{0}] deployed to context with name [{1}]
 applicationServletRegistration.setServletSecurity.ise=Security constraints can''t be added to servlet [{0}] deployed to context with name [{1}] as the context has already been initialised
+applicationHttpRequest.sessionEndAccessFail=Exception triggered ending access to session while recycling request
 applicationSessionCookieConfig.ise=Property {0} can not be added to SessionCookieConfig for context {1} as the context has been initialised
 aprListener.aprInit=The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: {0}
 aprListener.aprInitDebug=The APR based Apache Tomcat Native library could not be found using names [{0}] on the java.library.path [{1}]. The errors reported were [{2}]
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/B2CConverter.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/buf/B2CConverter.java
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/B2CConverter.java
@@ -29,6 +29,9 @@ import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -36,6 +39,8 @@ import org.apache.tomcat.util.res.String
  */
 public class B2CConverter {
 
+    private static final Log log = LogFactory.getLog(B2CConverter.class);
+
     private static final StringManager sm =
         StringManager.getManager(Constants.Package);
 
@@ -121,7 +126,12 @@ public class B2CConverter {
      * Reset the decoder state.
      */
     public void recycle() {
-        decoder.reset();
+        try {
+            decoder.reset();
+        } catch (Throwable t) {
+            ExceptionUtils.handleThrowable(t);
+            log.warn(sm.getString("b2cConverter.decoderResetFail", decoder.charset()), t);
+        }
         leftovers.position(0);
     }
 
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/C2BConverter.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/buf/C2BConverter.java
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/C2BConverter.java
@@ -23,11 +23,19 @@ import java.nio.charset.CharsetEncoder;
 import java.nio.charset.CoderResult;
 import java.nio.charset.CodingErrorAction;
 
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.res.StringManager;
+
 /**
  * NIO based character encoder.
  */
 public final class C2BConverter {
 
+    private static final Log log = LogFactory.getLog(C2BConverter.class);
+    private static final StringManager sm = StringManager.getManager(C2BConverter.class);
+
     private final CharsetEncoder encoder;
     private ByteBuffer bb = null;
     private CharBuffer cb = null;
@@ -51,7 +59,12 @@ public final class C2BConverter {
      * Reset the encoder state.
      */
     public void recycle() {
-        encoder.reset();
+        try {
+            encoder.reset();
+        } catch (Throwable t) {
+            ExceptionUtils.handleThrowable(t);
+            log.warn(sm.getString("c2bConverter.decoderResetFail", encoder.charset()), t);
+        }
         leftovers.position(0);
     }
 
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/LocalStrings.properties
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/util/buf/LocalStrings.properties
+++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/util/buf/LocalStrings.properties
@@ -13,7 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+b2cConverter.decoderResetFail=Failed to reset instance of decoder for character set [{0}]
 b2cConverter.unknownEncoding=The character encoding [{0}] is not supported
+
+c2bConverter.encoderResetFail=Failed to reset instance of encoder for character set [{0}]
 c2bConverter.recycleFailed=Failed to recycle the C2B Converter. Creating new BufferedWriter, WriteConvertor and IntermediateOutputStream.
 
 hexUtils.fromHex.oddDigits=The input must consist of an even number of hex digits
Index: apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-8.0.53-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
@@ -159,6 +159,10 @@
       <fix>
         Avoid protocol relative redirects in FORM authentication. (markt)
       </fix>
+      <add>
+        Improve handling of failures within <code>recycle()</code> methods.
+        (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Coyote">
openSUSE Build Service is sponsored by