components/tomcat/patches/CVE-2011-3190.patch
author Petr Sumbera <petr.sumbera@oracle.com>
Fri, 02 Sep 2011 06:01:11 -0700
changeset 509 07ee58881cb3
permissions -rw-r--r--
7086335 Problem with utility/apache
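--- a/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
+++ b/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
@@ -405,11 +405,13 @@
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
-                    if(log.isDebugEnabled()) {
-                        log.debug("Unexpected message: "+type);
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
+                    if (log.isDebugEnabled()) {
+                        log.debug("Unexpected message: " + type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 keptAlive = true;
@@ -1056,6 +1058,11 @@
 
         finished = true;
 
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
+        
         // Add the end message
         if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
             flush();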
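Review bot: The drain added to finish() discards the result of `receive()`, and receive() is defined outside this hunk, so it is not visible here whether a missing or malformed body packet is reported by a return value that is now ignored or only by an exception. This call is what keeps an unread body packet from being parsed as the next request on a kept-alive connection, so the comment should state that, e.g. `// Drain the unread first body packet so it is not parsed as the next request (CVE-2011-3190)`, and the failure path should be confirmed to end in the connection being closed rather than reused. The identical block is added to finish() in AjpProcessor.java in the next file section. finish() begins and ends outside the hunk.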
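--- a/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -423,11 +423,13 @@
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
-                    if(log.isDebugEnabled()) {
-                        log.debug("Unexpected message: "+type);
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
+                    if (log.isDebugEnabled()) {
+                        log.debug("Unexpected message: " + type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 request.setStartTime(System.currentTimeMillis());
@@ -1061,6 +1063,11 @@
 
         finished = true;
 
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
+        
         // Add the end message
         output.write(endMessageArray);
 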
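Review bot: The unexpected-packet branch in the `@@ -423` hunk now ends the connection with `error = true; break;` but still records the event only through `log.debug`, so with debug logging off nothing shows that a connection was dropped for an out-of-sequence AJP message. Since this is the condition the CVE-2011-3190 fix rejects, it is worth surfacing for operators, for example `log.warn("Unexpected message: " + type);` in place of the debug-guarded call. The same branch in AjpAprProcessor.java has the same logging. The enclosing loop starts and ends outside the hunk.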
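--- a/trunk/webapps/docs/changelog.xml
+++ b/trunk/webapps/docs/changelog.xml
@@ -52,6 +52,14 @@
       </fix>
     </changelog>
   </subsection>
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
+        (markt)
+      </fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 6.0.33 (jfclere)" rtext="released 2011-08-18">
   <subsection name="Catalina">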