File tomcat-9.0-CVE-2021-33037.patch of Package tomcat.22179

Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http11/Http11Processor.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http11/Http11Processor.java
+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http11/Http11Processor.java
@@ -211,11 +211,8 @@ public class Http11Processor extends Abs
 
         // Parsing trims and converts to lower case.
 
-        if (encodingName.equals("identity")) {
-            // Skip
-        } else if (encodingName.equals("chunked")) {
-            inputBuffer.addActiveFilter
-                (inputFilters[Constants.CHUNKED_FILTER]);
+        if (encodingName.equals("chunked")) {
+            inputBuffer.addActiveFilter(inputFilters[Constants.CHUNKED_FILTER]);
             contentDelimitation = true;
         } else {
             for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
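Review bot: The new `if (encodingName.equals("chunked"))` branch does not check whether `contentDelimitation` is already set, so within the visible lines a header such as `chunked, chunked`, or chunked followed by a coding that matches a pluggable filter, is accepted instead of rejected. RFC 7230 requires chunked to be applied once and to be the final coding, and a front-end proxy that frames such a request differently from Tomcat is the smuggling condition this CVE concerns. If that check is not enforced elsewhere (the method body and the caller's loop in the second hunk both extend outside what is shown), consider a guard at the top of the method: `if (contentDelimitation) { response.setStatus(400); setErrorState(ErrorState.CLOSE_CLEAN, null); return; }`. A short comment above the branch would also help, for example `// "identity" is deliberately not special-cased: it falls through to the unknown-coding path (501)`.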
@@ -738,7 +735,6 @@ public class Http11Processor extends Abs
                 List<String> encodingNames = new ArrayList<>();
                 if (TokenList.parseTokenList(headers.values("transfer-encoding"), encodingNames)) {
                     for (String encodingName : encodingNames) {
-                        // "identity" codings are ignored
                         addInputFilter(inputFilters, encodingName);
                     }
                 } else {
Index: apache-tomcat-9.0.36-src/test/org/apache/coyote/http11/TestHttp11Processor.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/test/org/apache/coyote/http11/TestHttp11Processor.java
+++ apache-tomcat-9.0.36-src/test/org/apache/coyote/http11/TestHttp11Processor.java
@@ -251,31 +251,6 @@ public class TestHttp11Processor extends
 
 
     @Test
-    public void testWithTEIdentity() throws Exception {
-        getTomcatInstanceTestWebapp(false, true);
-
-        String request =
-            "POST /test/echo-params.jsp HTTP/1.1" + SimpleHttpClient.CRLF +
-            "Host: any" + SimpleHttpClient.CRLF +
-            "Transfer-encoding: identity" + SimpleHttpClient.CRLF +
-            "Content-Length: 9" + SimpleHttpClient.CRLF +
-            "Content-Type: application/x-www-form-urlencoded" +
-                    SimpleHttpClient.CRLF +
-            "Connection: close" + SimpleHttpClient.CRLF +
-                SimpleHttpClient.CRLF +
-            "test=data";
-
-        Client client = new Client(getPort());
-        client.setRequest(new String[] {request});
-
-        client.connect();
-        client.processRequest();
-        Assert.assertTrue(client.isResponse200());
-        Assert.assertTrue(client.getResponseBody().contains("test - data"));
-    }
-
-
-    @Test
     public void testWithTESavedRequest() throws Exception {
         getTomcatInstanceTestWebapp(false, true);
 
@@ -1642,4 +1617,74 @@ public class TestHttp11Processor extends
             out.print(" and request.getServerPort() is " + req.getServerPort());
         }
     }
+
+
+    @Test
+    public void testTEHeaderUnknown01() throws Exception {
+        doTestTEHeaderUnknown("identity");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown02() throws Exception {
+        doTestTEHeaderUnknown("identity, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown03() throws Exception {
+        doTestTEHeaderUnknown("unknown, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown04() throws Exception {
+        doTestTEHeaderUnknown("void");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown05() throws Exception {
+        doTestTEHeaderUnknown("void, chunked");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown06() throws Exception {
+        doTestTEHeaderUnknown("void, identity");
+    }
+
+
+    @Test
+    public void testTEHeaderUnknown07() throws Exception {
+        doTestTEHeaderUnknown("identity, void");
+    }
+
+
+    private void doTestTEHeaderUnknown(String headerValue) throws Exception {
+        Tomcat tomcat = getTomcatInstance();
+
+        // No file system docBase required
+        Context ctx = tomcat.addContext("", null);
+
+        // Add servlet
+        Tomcat.addServlet(ctx, "TesterServlet", new TesterServlet(false));
+        ctx.addServletMappingDecoded("/foo", "TesterServlet");
+
+        tomcat.start();
+
+        String request =
+                "GET /foo HTTP/1.1" + SimpleHttpClient.CRLF +
+                "Host: localhost:" + getPort() + SimpleHttpClient.CRLF +
+                "Transfer-Encoding: " + headerValue + SimpleHttpClient.CRLF +
+                SimpleHttpClient.CRLF;
+
+        Client client = new Client(tomcat.getConnector().getLocalPort());
+        client.setRequest(new String[] {request});
+
+        client.connect();
+        client.processRequest(false);
+
+        Assert.assertTrue(client.isResponse501());
+    }
 }
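Review bot: The seven new cases all send a body-less GET with only a `Transfer-Encoding` header, so nothing covers that header combined with `Content-Length`, which is the combination the removed `testWithTEIdentity` exercised and the one most relevant to request framing. Consider adding a case that sends `Transfer-Encoding: identity` together with `Content-Length: 9` and a body, and asserts `client.isResponse501()`, so a regression that falls back to Content-Length framing is caught. As a style point, `doTestTEHeaderUnknown` would benefit from a one-line comment stating that any coding other than a lone, final `chunked` is expected to produce 501.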
Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
@@ -508,6 +508,12 @@
         Improve validation of request lines, including for HTTP/0.9 requests.
         (markt)
       </fix>
+      <fix>
+        Remove support for the <code>identity</code> transfer encoding. The
+        inclusion of this encoding in RFC 2616 was an error that was corrected
+        in 2001. Requests using this transfer encoding will now receive a 501
+        response. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="WebSocket">
@@ -2324,6 +2330,12 @@
         implemented as per section JSP.1.14.2.1 of the JSP 2.3 specification.
         (markt)
       </fix>
+      <fix>
+        Remove support for the <code>identity</code> transfer encoding. The
+        inclusion of this encoding in RFC 2616 was an error that was corrected
+        in 2001. Requests using this transfer encoding will now receive a 501
+        response. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">