Overview

File tomcat-9.0-CVE-2021-25329.patch of Package tomcat.29138

Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java
+++ apache-tomcat-9.0.36-src/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2131,7 +2131,7 @@ public class DefaultServlet extends Http
 
         // First check that the resulting path is under the provided base
         try {
-            if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {
+            if (!candidate.getCanonicalFile().toPath().startsWith(base.getCanonicalFile().toPath())) {
                 return null;
             }
         } catch (IOException ioe) {
Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/session/FileStore.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/session/FileStore.java
+++ apache-tomcat-9.0.36-src/java/org/apache/catalina/session/FileStore.java
@@ -351,7 +351,7 @@ public final class FileStore extends Sto
         File file = new File(storageDir, filename);
 
         // Check the file is within the storage directory
-        if (!file.getCanonicalPath().startsWith(storageDir.getCanonicalPath())) {
+        if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
             log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
             return null;
         }
Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ContextConfig.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/startup/ContextConfig.java
+++ apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ContextConfig.java
@@ -653,7 +653,8 @@ public class ContextConfig implements Li
         String docBaseCanonical = docBaseAbsoluteFile.getCanonicalPath();
 
         // Re-calculate now docBase is a canonical path
-        boolean docBaseCanonicalInAppBase = docBaseCanonical.startsWith(appBase.getPath() + File.separatorChar);
+        boolean docBaseCanonicalInAppBase =
+                docBaseAbsoluteFile.getCanonicalFile().toPath().startsWith(appBase.toPath());
         String docBase;
         if (docBaseCanonicalInAppBase) {
             docBase = docBaseCanonical.substring(appBase.getPath().length());
Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ExpandWar.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/startup/ExpandWar.java
+++ apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ExpandWar.java
@@ -26,6 +26,7 @@ import java.net.JarURLConnection;
 import java.net.URL;
 import java.net.URLConnection;
 import java.nio.channels.FileChannel;
+import java.nio.file.Path;
 import java.util.Enumeration;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
@@ -116,10 +117,7 @@ public class ExpandWar {
         }
 
         // Expand the WAR into the new document base directory
-        String canonicalDocBasePrefix = docBase.getCanonicalPath();
-        if (!canonicalDocBasePrefix.endsWith(File.separator)) {
-            canonicalDocBasePrefix += File.separator;
-        }
+        Path canonicalDocBasePath = docBase.getCanonicalFile().toPath();
 
         // Creating war tracker parent (normally META-INF)
         File warTrackerParent = warTracker.getParentFile();
@@ -134,14 +132,13 @@ public class ExpandWar {
                 JarEntry jarEntry = jarEntries.nextElement();
                 String name = jarEntry.getName();
                 File expandedFile = new File(docBase, name);
-                if (!expandedFile.getCanonicalPath().startsWith(
-                        canonicalDocBasePrefix)) {
+                if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) {
                     // Trying to expand outside the docBase
                     // Throw an exception to stop the deployment
                     throw new IllegalArgumentException(
                             sm.getString("expandWar.illegalPath",war, name,
                                     expandedFile.getCanonicalPath(),
-                                    canonicalDocBasePrefix));
+                                    canonicalDocBasePath));
                 }
                 int last = name.lastIndexOf('/');
                 if (last >= 0) {
@@ -217,10 +214,7 @@ public class ExpandWar {
         File docBase = new File(host.getAppBaseFile(), pathname);
 
         // Calculate the document base directory
-        String canonicalDocBasePrefix = docBase.getCanonicalPath();
-        if (!canonicalDocBasePrefix.endsWith(File.separator)) {
-            canonicalDocBasePrefix += File.separator;
-        }
+        Path canonicalDocBasePath = docBase.getCanonicalFile().toPath();
         JarURLConnection juc = (JarURLConnection) war.openConnection();
         juc.setUseCaches(false);
         try (JarFile jarFile = juc.getJarFile()) {
@@ -229,14 +223,13 @@ public class ExpandWar {
                 JarEntry jarEntry = jarEntries.nextElement();
                 String name = jarEntry.getName();
                 File expandedFile = new File(docBase, name);
-                if (!expandedFile.getCanonicalPath().startsWith(
-                        canonicalDocBasePrefix)) {
+                if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) {
                     // Entry located outside the docBase
                     // Throw an exception to stop the deployment
                     throw new IllegalArgumentException(
                             sm.getString("expandWar.illegalPath",war, name,
                                     expandedFile.getCanonicalPath(),
-                                    canonicalDocBasePrefix));
+                                    canonicalDocBasePath));
                 }
             }
         } catch (IOException e) {
Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/HostConfig.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/startup/HostConfig.java
+++ apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/HostConfig.java
@@ -598,8 +598,7 @@ public class HostConfig implements Lifec
                     docBase = new File(host.getAppBaseFile(), context.getDocBase());
                 }
                 // If external docBase, register .xml as redeploy first
-                if (!docBase.getCanonicalPath().startsWith(
-                        host.getAppBaseFile().getAbsolutePath() + File.separator)) {
+                if (!docBase.getCanonicalFile().toPath().startsWith(host.getAppBaseFile().toPath())) {
                     isExternal = true;
                     deployedApp.redeployResources.put(
                             contextXml.getAbsolutePath(),
Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
@@ -163,6 +163,10 @@
       <update>
         Update dependency on bnd to 5.1.0. (markt)
       </update>
+      <scode>
+        Use <code>java.nio.file.Path</code> to test for one directory being a
+        sub-directory of another in a consistent way. (markt)
+      </scode>
     </changelog>
   </subsection>
 </section>
openSUSE Build Service is sponsored by
Places