Overview

File apache-tomcat-CVE-2011-3190.patch of Package tomcat6.import5619

Index: apache-tomcat-6.0.32-src/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- apache-tomcat-6.0.32-src/java/org/apache/coyote/ajp/AjpProcessor.java	(revision 1162958)
+++ apache-tomcat-6.0.32-src/java/org/apache/coyote/ajp/AjpProcessor.java	(revision 1162959)
@@ -423,11 +423,13 @@
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
-                    if(log.isDebugEnabled()) {
-                        log.debug("Unexpected message: "+type);
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
+                    if (log.isDebugEnabled()) {
+                        log.debug("Unexpected message: " + type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 request.setStartTime(System.currentTimeMillis());
@@ -1061,6 +1063,11 @@
 
         finished = true;
 
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
+        
         // Add the end message
         output.write(endMessageArray);
 
Index: apache-tomcat-6.0.32-src/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- apache-tomcat-6.0.32-src/java/org/apache/coyote/ajp/AjpAprProcessor.java	(revision 1162958)
+++ apache-tomcat-6.0.32-src/java/org/apache/coyote/ajp/AjpAprProcessor.java	(revision 1162959)
@@ -405,11 +405,13 @@
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
-                    if(log.isDebugEnabled()) {
-                        log.debug("Unexpected message: "+type);
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
+                    if (log.isDebugEnabled()) {
+                        log.debug("Unexpected message: " + type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 keptAlive = true;
@@ -1056,6 +1058,11 @@
 
         finished = true;
 
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
+        
         // Add the end message
         if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
             flush();
openSUSE Build Service is sponsored by
Places