File tomcat-9.0.36-CVE-2025-24813.patch of Package tomcat.39019
Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java
+++ apache-tomcat-9.0.36-src/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -621,7 +621,7 @@ public class DefaultServlet extends Http
}
InputStream resourceInputStream = null;
-
+ File tempContentFile = null;
try {
// Append data specified in ranges to existing content for this
// resource - create a temp. file on the local filesystem to
@@ -630,8 +630,8 @@ public class DefaultServlet extends Http
if (range == IGNORE) {
resourceInputStream = req.getInputStream();
} else {
- File contentFile = executePartialPut(req, range, path);
- resourceInputStream = new FileInputStream(contentFile);
+ tempContentFile = executePartialPut(req, range, path);
+ resourceInputStream = new FileInputStream(tempContentFile);
}
if (resources.write(path, resourceInputStream, true)) {
@@ -651,6 +651,9 @@ public class DefaultServlet extends Http
// Ignore
}
}
+ if (tempContentFile != null) {
+ tempContentFile.delete();
+ }
}
}
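Review bot: The return value of `tempContentFile.delete()` in the new finally block is discarded, so a failed deletion (a file still held open on Windows, or a permission problem in the work directory) goes unnoticed and the temp directory fills silently over repeated partial PUTs. Consider `if (tempContentFile != null && !tempContentFile.delete()) { /* log at debug that the put-part file could not be removed */ }` so operators can correlate leftover put-part-* files with a cause; which logging facility DefaultServlet uses is not visible in this hunk. Note that tempContentFile is assigned only after executePartialPut returns, so this block can only clean up files that were successfully handed back. The enclosing method starts and ends outside the hunk.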
@@ -674,13 +677,7 @@ public class DefaultServlet extends Http
// perform this operation
File tempDir = (File) getServletContext().getAttribute
(ServletContext.TEMPDIR);
- // Convert all '/' characters to '.' in resourcePath
- String convertedResourcePath = path.replace('/', '.');
- File contentFile = new File(tempDir, convertedResourcePath);
- if (contentFile.createNewFile()) {
- // Clean up contentFile when Tomcat is terminated
- contentFile.deleteOnExit();
- }
+ File contentFile = File.createTempFile("put-part-", null, tempDir);
try (RandomAccessFile randAccessContentFile =
new RandomAccessFile(contentFile, "rw")) {
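Review bot: The file created by `File.createTempFile("put-part-", null, tempDir)` is only deleted by the caller once this method returns it, so an IOException thrown while the request data is copied into it (that code is past the end of the hunk, but a client dropping the connection mid-body is the obvious case) leaves an orphan in tempDir that nothing removes now that `deleteOnExit()` is gone, and repeated failing requests can accumulate there. Wrapping the remainder of the method so that it does `catch (IOException e) { contentFile.delete(); throw e; }` closes that gap; restoring `deleteOnExit()` is not a substitute, since it retains one path entry per request until the JVM exits. Separately, `java.io.File.createTempFile` creates the file with the process umask only, whereas `Files.createTempFile(tempDir.toPath(), "put-part-", null).toFile()` yields an owner-only file on POSIX file systems, which is preferable for a file holding request body content. executePartialPut begins before and ends after this hunk, so the exact placement of the catch is outside what is shown.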
Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
@@ -213,6 +213,9 @@
Language API is able to load classes from the Java runtime when running
under a SecurityManager. Based on a patch by Volodymyr Siedleck. (markt)
</fix>
+ <fix>
+ Enhance lifecycle of temporary files used by partial PUT. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="WebSocket">