Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/tomcat/patches/CVE-2011-3190.patch
changeset 657 5ec76cbd6116
parent 656 91ada9bbfbd6
child 658 714803fd87a0 
--- a/components/tomcat/patches/CVE-2011-3190.patch	Thu Jan 19 01:59:17 2012 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
---- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java	2011/08/29 19:45:13	1162958
-+++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java	2011/08/29 19:45:42	1162959
-@@ -405,11 +405,13 @@
-                     }
-                     continue;
-                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
--                    // Usually the servlet didn't read the previous request body
--                    if(log.isDebugEnabled()) {
--                        log.debug("Unexpected message: "+type);
-+                    // Unexpected packet type. Unread body packets should have
-+                    // been swallowed in finish().
-+                    if (log.isDebugEnabled()) {
-+                        log.debug("Unexpected message: " + type);
-                     }
--                    continue;
-+                    error = true;
-+                    break;
-                 }
- 
-                 keptAlive = true;
-@@ -1056,6 +1058,11 @@
- 
-         finished = true;
- 
-+        // Swallow the unread body packet if present
-+        if (first && request.getContentLengthLong() > 0) {
-+            receive();
-+        }
-+        
-         // Add the end message
-         if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
-             flush();
---- trunk/java/org/apache/coyote/ajp/AjpProcessor.java	2011/08/29 19:45:13	1162958
-+++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java	2011/08/29 19:45:42	1162959
-@@ -423,11 +423,13 @@
-                     }
-                     continue;
-                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
--                    // Usually the servlet didn't read the previous request body
--                    if(log.isDebugEnabled()) {
--                        log.debug("Unexpected message: "+type);
-+                    // Unexpected packet type. Unread body packets should have
-+                    // been swallowed in finish().
-+                    if (log.isDebugEnabled()) {
-+                        log.debug("Unexpected message: " + type);
-                     }
--                    continue;
-+                    error = true;
-+                    break;
-                 }
- 
-                 request.setStartTime(System.currentTimeMillis());
-@@ -1061,6 +1063,11 @@
- 
-         finished = true;
- 
-+        // Swallow the unread body packet if present
-+        if (first && request.getContentLengthLong() > 0) {
-+            receive();
-+        }
-+        
-         // Add the end message
-         output.write(endMessageArray);
- 
---- trunk/webapps/docs/changelog.xml	2011/08/29 19:45:13	1162958
-+++ trunk/webapps/docs/changelog.xml	2011/08/29 19:45:42	1162959
-@@ -52,6 +52,14 @@
-       </fix>
-     </changelog>
-   </subsection>
-+  <subsection name="Coyote">
-+    <changelog>
-+      <fix>
-+        <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
-+        (markt)
-+      </fix>
-+    </changelog>
-+  </subsection>
- </section>
- <section name="Tomcat 6.0.33 (jfclere)" rtext="released 2011-08-18">
-   <subsection name="Catalina">
upstream/oracle/userland-gate