openSUSE:Evergreen:11.4
tomcat6.import5149
apache-tomcat-CVE-2011-2526.patch
File apache-tomcat-CVE-2011-2526.patch of Package tomcat6.import5149
Index: apache-tomcat-6.0.32-src/java/org/apache/coyote/http11/LocalStrings.properties =================================================================== --- apache-tomcat-6.0.32-src.orig/java/org/apache/coyote/http11/LocalStrings.properties 2011-02-02 20:07:32.000000000 +0100 +++ apache-tomcat-6.0.32-src/java/org/apache/coyote/http11/LocalStrings.properties 2011-07-25 14:31:03.470335065 +0200 @@ -56,6 +56,7 @@ http11processor.socket.info=Exception getting socket information http11processor.socket.ssl=Exception getting SSL attributes http11processor.socket.timeout=Error setting socket timeout +http11processor.sendfile.error=Error sending data using sendfile. May be caused by invalid request attributes for start/end points # # InternalInputBuffer Index: apache-tomcat-6.0.32-src/java/org/apache/coyote/http11/Http11AprProcessor.java =================================================================== --- apache-tomcat-6.0.32-src.orig/java/org/apache/coyote/http11/Http11AprProcessor.java 2011-02-02 20:07:32.000000000 +0100 +++ apache-tomcat-6.0.32-src/java/org/apache/coyote/http11/Http11AprProcessor.java 2011-07-25 14:31:03.471335100 +0200 
@@ -910,7 +910,18 @@ sendfileData.socket = socket; sendfileData.keepAlive = keepAlive; if (!endpoint.getSendfile().add(sendfileData)) { - openSocket = true; + if (sendfileData.socket == 0) { + // Didn't send all the data but the socket is no longer + // set. Something went wrong. Close the connection. + // Too late to set status code. + if (log.isDebugEnabled()) { + log.debug(sm.getString( + "http11processor.sendfile.error")); + } + error = true; + } else { + openSocket = true; + } break; } } Index: apache-tomcat-6.0.32-src/java/org/apache/tomcat/util/net/AprEndpoint.java =================================================================== --- apache-tomcat-6.0.32-src.orig/java/org/apache/tomcat/util/net/AprEndpoint.java 2011-02-02 20:07:33.000000000 +0100 +++ apache-tomcat-6.0.32-src/java/org/apache/tomcat/util/net/AprEndpoint.java 2011-07-25 14:31:36.972496803 +0200 @@ -1812,7 +1812,9 @@ data.pos, data.end - data.pos, 0); if (nw < 0) { if (!(-nw == Status.EAGAIN)) { - destroySocket(data.socket); + Pool.destroy(data.fdpool); + // No need to close socket, this will be done by + // calling code since data.socket == 0 data.socket = 0; return false; } else { Index: apache-tomcat-6.0.32-src/java/org/apache/tomcat/util/net/NioEndpoint.java =================================================================== --- apache-tomcat-6.0.32-src.orig/java/org/apache/tomcat/util/net/NioEndpoint.java 2011-02-02 20:07:33.000000000 +0100 +++ apache-tomcat-6.0.32-src/java/org/apache/tomcat/util/net/NioEndpoint.java 2011-07-25 14:31:03.474335203 +0200 @@ -1734,6 +1734,13 @@ sd.pos += written; sd.length -= written; attachment.access(); + } else { + // Unusual not to be able to transfer any bytes + // Check the length was set correctly + if (sd.fchannel.size() <= sd.pos) { + throw new IOException("Sendfile configured to " + + "send more data than was available"); + } } } if ( sd.length <= 0 && sc.getOutboundRemaining()<=0) { 
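Review bot: In Http11AprProcessor the new branch treats `sendfileData.socket == 0` as the failure signal, and the AprEndpoint hunk in this patch now sets that value without destroying the socket, so the two classes are coupled through a bare sentinel and the socket is closed only if every caller of `add()` handles it. Only this one caller is visible in the patch; any other caller that ignores a `false` return with a zeroed socket would presumably leak the descriptor, which is worth confirming. I would document the contract on `add()` itself, e.g. `// Returns false with data.socket == 0 on a send error: the caller still owns the socket and must close it`. The failure is also logged only at debug level and without the file name or range, so an application feeding bad sendfile attributes is hard to spot in production logs. Both enclosing methods start and end outside the hunks.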
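Review bot: The added `else` branch in NioEndpoint only detects a range that runs past the end of the file, through `sd.fchannel.size() <= sd.pos` after a zero-byte transfer. A negative `sd.pos` never reaches it, because `FileChannel.transferTo` rejects a negative position with `IllegalArgumentException`, which is not an `IOException`; whether the surrounding handler catches that is outside the hunk. Checking the range once before the first transfer would cover that case as well, for example `if (sd.pos < 0 || sd.length < 0) throw new IOException("Invalid sendfile range");`.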
@@ -1758,6 +1765,7 @@
 log.debug("Send file connection is being closed");
 }
 cancelledKey(sk,SocketStatus.STOP,false);
+ return false;
 }
 } else if ( attachment.interestOps() == 0 && reg ) {
 if (log.isDebugEnabled()) {
Index: apache-tomcat-6.0.32-src/java/org/apache/catalina/servlets/DefaultServlet.java
===================================================================
--- apache-tomcat-6.0.32-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java 2011-02-02 20:07:32.000000000 +0100
+++ apache-tomcat-6.0.32-src/java/org/apache/catalina/servlets/DefaultServlet.java 2011-07-25 14:31:03.475335237 +0200
@@ -1619,7 +1619,6 @@
 request.setAttribute("org.apache.tomcat.sendfile.start", new Long(range.start));
 request.setAttribute("org.apache.tomcat.sendfile.end", new Long(range.end + 1));
 }
- request.setAttribute("org.apache.tomcat.sendfile.token", this);
 return true;
 } else {
 return false;
Index: apache-tomcat-6.0.32-src/java/org/apache/catalina/connector/LocalStrings.properties
===================================================================
--- apache-tomcat-6.0.32-src.orig/java/org/apache/catalina/connector/LocalStrings.properties 2011-02-02 20:07:31.000000000 +0100
+++ apache-tomcat-6.0.32-src/java/org/apache/catalina/connector/LocalStrings.properties 2011-07-25 14:32:01.120334174 +0200
@@ -62,6 +62,7 @@ coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs. coyoteRequest.chunkedPostTooLarge=Parameters were not parsed because the size of the posted data was too big. Because this request was a chunked request, it could not be processed further. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs. coyoteRequest.sessionEndAccessFail=Exception triggered ending access to session while recycling request +coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified for use with sendfile requestFacade.nullRequest=The request object has been recycled and is no longer associated with this facade Index: apache-tomcat-6.0.32-src/java/org/apache/catalina/connector/Request.java =================================================================== --- apache-tomcat-6.0.32-src.orig/java/org/apache/catalina/connector/Request.java 2011-02-02 20:07:31.000000000 +0100 +++ apache-tomcat-6.0.32-src/java/org/apache/catalina/connector/Request.java 2011-07-25 14:31:03.477335307 +0200 @@ -19,6 +19,7 @@ package org.apache.catalina.connector; +import java.io.File; import java.io.InputStream; import java.io.IOException; import java.io.BufferedReader; 
@@ -1455,6 +1456,26 @@ return; } + // Do the security check before any updates are made + if (Globals.IS_SECURITY_ENABLED && + name.equals("org.apache.tomcat.sendfile.filename")) { + // Use the canonical file name to avoid any possible symlink and + // relative path issues + String canonicalPath; + try { + canonicalPath = new File(value.toString()).getCanonicalPath(); + } catch (IOException e) { + throw new SecurityException(sm.getString( + "coyoteRequest.sendfileNotCanonical", value), e); + } + // Sendfile is performed in Tomcat's security context so need to + // check if the web app is permitted to access the file while still + // in the web app's security context + System.getSecurityManager().checkRead(canonicalPath); + // Update the value so the canonical path is used + value = canonicalPath; + } + oldValue = attributes.put(name, value); if (oldValue != null) { replaced = true;
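Review bot: The new check in Request.setAttribute runs only when `Globals.IS_SECURITY_ENABLED` is true, so without a security manager the web application can still point `org.apache.tomcat.sendfile.filename` at any file the Tomcat process can read; the comment should state that this is the intended scope. It also replaces `value` with the canonical path string, so a later `getAttribute` returns something other than what the caller stored, and `value.toString()` relies on a null check that is presumably in the part of the method above the hunk. The permission is verified here but the file is opened later by the connector, so the fix holds only if the endpoint opens exactly this stored path. I would extend the first comment to `// Only enforced under a SecurityManager; the stored value becomes the canonical path that the connector must open unchanged`.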