--- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011/08/29 19:45:13 1162958
+++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011/08/29 19:45:42 1162959
@@ -405,11 +405,13 @@
}
continue;
} else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
- // Usually the servlet didn't read the previous request body
- if(log.isDebugEnabled()) {
- log.debug("Unexpected message: "+type);
+ // Unexpected packet type. Unread body packets should have
+ // been swallowed in finish().
+ if (log.isDebugEnabled()) {
+ log.debug("Unexpected message: " + type);
}
- continue;
+ error = true;
+ break;
}
keptAlive = true;
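Review bot: The unexpected-packet branch now sets `error = true` and breaks out, yet the event is still reported only under `log.isDebugEnabled()`, so a default logging configuration records nothing when an AJP connection is dropped for a protocol violation. The new comment says unread body packets should already have been swallowed in finish(), so reaching this branch suggests a desynchronised or misbehaving peer and deserves a level operators will see, for example `log.warn("Unexpected AJP message type [" + type + "], closing connection");`. The identical branch in the AjpProcessor.java hunk has the same gap. The enclosing loop starts and ends outside the hunk, so what the client receives after the `break` cannot be judged from here.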
@@ -1056,6 +1058,11 @@
finished = true;
+ // Swallow the unread body packet if present
+ if (first && request.getContentLengthLong() > 0) {
+ receive();
+ }
+
// Add the end message
if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity()) {
flush();
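Review bot: The added comment in finish() says what is swallowed but not why, although the fix depends on this block: judging from the request-loop hunk and the changelog entry, a body packet left unread on a kept-alive connection would be read as the next message. I would spell that out, e.g. `// Swallow the unread first body packet; left on a kept-alive connection it would be parsed as the next AJP message (CVE-2011-3190)`. The guard `first && request.getContentLengthLong() > 0` covers only requests that declare a positive length, so it is worth confirming, and noting in the comment, that the web server never sends an unprompted body packet without one; such a packet would have to be caught by the type check in the request loop. The result of `receive()` is also discarded here, which may be intended but should be stated. The same block appears in the AjpProcessor.java hunk, and finish() begins and ends outside both hunks.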
--- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011/08/29 19:45:13 1162958
+++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2011/08/29 19:45:42 1162959
@@ -423,11 +423,13 @@
}
continue;
} else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
- // Usually the servlet didn't read the previous request body
- if(log.isDebugEnabled()) {
- log.debug("Unexpected message: "+type);
+ // Unexpected packet type. Unread body packets should have
+ // been swallowed in finish().
+ if (log.isDebugEnabled()) {
+ log.debug("Unexpected message: " + type);
}
- continue;
+ error = true;
+ break;
}
request.setStartTime(System.currentTimeMillis());
@@ -1061,6 +1063,11 @@
finished = true;
+ // Swallow the unread body packet if present
+ if (first && request.getContentLengthLong() > 0) {
+ receive();
+ }
+
// Add the end message
output.write(endMessageArray);
--- trunk/webapps/docs/changelog.xml 2011/08/29 19:45:13 1162958
+++ trunk/webapps/docs/changelog.xml 2011/08/29 19:45:42 1162959
@@ -52,6 +52,14 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
+ (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 6.0.33 (jfclere)" rtext="released 2011-08-18">
<subsection name="Catalina">