File jetty-5.1.14-CVE-2009-1523.patch of Package jetty5.openSUSE_12.1_Update
diff -up ./src/org/mortbay/jetty/servlet/Dispatcher.java.fix ./src/org/mortbay/jetty/servlet/Dispatcher.java
--- ./src/org/mortbay/jetty/servlet/Dispatcher.java.fix 2009-05-13 16:47:24.000000000 -0400
+++ ./src/org/mortbay/jetty/servlet/Dispatcher.java 2009-05-13 16:48:08.000000000 -0400
@@ -866,11 +866,25 @@ public class Dispatcher implements Reque
StringBuffer buf = _request.getRootURL();
if (url.startsWith("/"))
- buf.append(URI.canonicalPath(url));
+ buf.append(url);
else
- buf.append(URI.canonicalPath(URI.addPaths(URI.parentPath(_request.getRequestURI()),url)));
+ buf.append(URI.addPaths(URI.parentPath(_request.getRequestURI()),url));
url=buf.toString();
}
+ URI uri = new URI(url);
+ String path = uri.getPath();
+ String canonical = URI.canonicalPath(path);
+ if (!canonical.equals(path))
+ {
+ StringBuffer buf = _request.getRootURL();
+ buf.append(canonical);
+ if (uri.getQuery()!=null)
+ {
+ buf.append('?');
+ buf.append(uri.getQuery());
+ }
+ url=buf.toString();
+ }
super.sendRedirect(url);
}
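Review bot: `canonical` is dereferenced on the `if (!canonical.equals(path))` line without a null check, while the ServletHttpResponse hunk in this same patch treats a null result from `URI.canonicalPath(path)` as a real outcome and rejects it with `if (canonical==null) throw new IllegalArgumentException();`. If that helper can return null here as well, a redirect target whose path does not canonicalize would surface as a NullPointerException from sendRedirect rather than the explicit rejection the other hunk gives, so the two call sites should be brought into line by inserting the same `if (canonical==null) throw new IllegalArgumentException();` before the comparison. A one-line comment above the new block such as `// Re-canonicalize the final path so the redirect Location can never carry traversal segments; keep this in step with ServletHttpResponse.sendRedirect` would also help the next maintainer keep the two copies consistent. The enclosing sendRedirect method starts outside the hunk.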
diff -up ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java.fix ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java
--- ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java.fix 2009-05-13 16:47:39.000000000 -0400
+++ ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java 2009-05-13 16:49:14.000000000 -0400
@@ -441,18 +441,34 @@ public class ServletHttpResponse impleme
{
StringBuffer buf = _servletHttpRequest.getHttpRequest().getRootURL();
if (url.startsWith("/"))
- buf.append(URI.canonicalPath(url));
+ buf.append(url);
else
{
String path=_servletHttpRequest.getRequestURI();
String parent=(path.endsWith("/"))?path:URI.parentPath(path);
- url=URI.canonicalPath(URI.addPaths(parent,url));
+ url=URI.addPaths(parent,url);
if (!url.startsWith("/"))
buf.append('/');
buf.append(url);
}
url=buf.toString();
+ URI uri = new URI(url);
+ String path=uri.getPath();
+ String canonical=URI.canonicalPath(path);
+ if (canonical==null)
+ throw new IllegalArgumentException();
+ if (!canonical.equals(path))
+ {
+ buf = _servletHttpRequest.getHttpRequest().getRootURL();
+ buf.append(canonical);
+ if (uri.getQuery()!=null)
+ {
+ buf.append('?');
+ buf.append(uri.getQuery());
+ }
+ url=buf.toString();
+ }
}
resetBuffer();