File tomcat-8.0.53-CVE-2025-24813.patch of Package tomcat.37849
Index: apache-tomcat-8.0.53-src/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- apache-tomcat-8.0.53-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java
+++ apache-tomcat-8.0.53-src/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -518,15 +518,15 @@ public class DefaultServlet extends Http
Range range = parseContentRange(req, resp);
InputStream resourceInputStream = null;
-
+ File tempContentFile = null;
try {
// Append data specified in ranges to existing content for this
// resource - create a temp. file on the local filesystem to
// perform this operation
// Assume just one range is specified for now
if (range != null) {
- File contentFile = executePartialPut(req, range, path);
- resourceInputStream = new FileInputStream(contentFile);
+ tempContentFile = executePartialPut(req, range, path);
+ resourceInputStream = new FileInputStream(tempContentFile);
} else {
resourceInputStream = req.getInputStream();
}
@@ -548,6 +548,9 @@ public class DefaultServlet extends Http
// Ignore
}
}
+ if (tempContentFile != null) {
+ tempContentFile.delete();
+ }
}
}
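Review bot: The return value of `tempContentFile.delete()` in the added finally branch is discarded, so a failed delete leaves the uploaded range data in the work directory with nothing recorded. The third hunk also removes the old `deleteOnExit()` fallback, so this call is the only cleanup left. I would at least record the failure, e.g. `if (!tempContentFile.delete()) { log("Could not delete partial PUT temp file " + tempContentFile.getName()); }`. The enclosing method starts and ends outside the hunk, so the ordering against the stream close is inferred from the `// Ignore` context just above.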
@@ -566,13 +569,7 @@ public class DefaultServlet extends Http
// perform this operation
File tempDir = (File) getServletContext().getAttribute
(ServletContext.TEMPDIR);
- // Convert all '/' characters to '.' in resourcePath
- String convertedResourcePath = path.replace('/', '.');
- File contentFile = new File(tempDir, convertedResourcePath);
- if (contentFile.createNewFile()) {
- // Clean up contentFile when Tomcat is terminated
- contentFile.deleteOnExit();
- }
+ File contentFile = File.createTempFile("put-part-", null, tempDir);
try (RandomAccessFile randAccessContentFile =
new RandomAccessFile(contentFile, "rw");) {
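Review bot: If anything after `File.createTempFile("put-part-", null, tempDir)` throws inside executePartialPut, the file is never returned to the caller. The caller's new `tempContentFile.delete()` then never sees it, and with `deleteOnExit()` removed nothing else cleans it up. The rest of the body is outside the hunk, but the `RandomAccessFile` block that follows presumably copies the request body, so a read failing mid-copy would be enough to strand the file. I would delete on the failure path before rethrowing, e.g. `catch (IOException e) { contentFile.delete(); throw e; }` around that block. Separately, `Files.createTempFile(tempDir.toPath(), "put-part-", null)` from `java.nio.file` would create the file owner-only on POSIX systems instead of depending on the process umask.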
Index: apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-8.0.53-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-8.0.53-src/webapps/docs/changelog.xml
@@ -224,6 +224,9 @@
<code>catalina.policy</code> file. This is a follow-up to the fix for
<bug>43925</bug>. (kkolinko/markt)
</fix>
+ <fix>
+ Enhance lifecycle of temporary files used by partial PUT. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Cluster">