Description: fix information disclosure via log file
Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1140071
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632882
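--- a/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
+++ b/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
 MBeanUtils.createMBean(group);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception creating group " + group + " MBean");
+ ("Exception creating group [" + groupname + "] MBean");
 MBeanUtils.createMBean(role);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception creating role " + role + " MBean");
+ ("Exception creating role [" + rolename + "] MBean");
 MBeanUtils.createMBean(user);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception creating user " + user + " MBean");
+ ("Exception creating user [" + username + "] MBean");
 return (oname.toString());
 } catch (MalformedObjectNameException e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Cannot create object name for group " + group);
+ ("Cannot create object name for group [" + groupname + "]");
 return (oname.toString());
 } catch (MalformedObjectNameException e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Cannot create object name for role " + role);
+ ("Cannot create object name for role [" + rolename + "]");
 return (oname.toString());
 } catch (MalformedObjectNameException e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Cannot create object name for user " + user);
+ ("Cannot create object name for user [" + username + "]");
 database.removeGroup(group);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception destroying group " + group + " MBean");
+ ("Exception destroying group [" + groupname + "] MBean");
 database.removeRole(role);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception destroying role " + role + " MBean");
+ ("Exception destroying role [" + rolename + "] MBean");
 database.removeUser(user);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception destroying user " + user + " MBean");
+ ("Exception destroying user [" + username + "] MBean");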
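Review bot: Nothing at these nine call sites records why the name is concatenated instead of the object, so a later cleanup could switch a message back to `+ user` and reintroduce the disclosure named in the Description. A one-line comment above the first message would pin the intent, e.g. `// Use the name only: the object's string form may carry more than belongs in a log or exception message`. The enclosing methods start and end outside the visible lines.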
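--- a/java/org/apache/catalina/users/MemoryUserDatabase.java
+++ b/java/org/apache/catalina/users/MemoryUserDatabase.java
 while (values.hasNext()) {
- writer.println(values.next());
+ writer.println(((MemoryUser) values.next()).toXml());
 // Print the file epilog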
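Review bot: The cast on the `writer.println` line assumes every element the iterator yields is a `MemoryUser`; if another `User` implementation ever reaches this collection, the save fails with a `ClassCastException` partway through writing the file. How the collection is populated is outside the hunk, so this may already be guaranteed. If it is, a comment would state it: `// users are always MemoryUser here; toXml() is the persisted form, toString() is for diagnostics`. The enclosing method starts and ends outside the visible lines.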
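--- a/java/org/apache/catalina/users/MemoryUser.java
+++ b/java/org/apache/catalina/users/MemoryUser.java
 * <code>username</code> or </code>name</code> for the username
- public String toString() {
+ public String toXml() {
 StringBuffer sb = new StringBuffer("<user username=\"");
 sb.append(RequestUtil.filter(username));
+ * <p>Return a String representation of this user.</p>
+ public String toString() {
+ StringBuilder sb = new StringBuilder("User username=\"");
+ sb.append(RequestUtil.filter(username));
+ if (fullName != null) {
+ sb.append(", fullName=\"");
+ sb.append(RequestUtil.filter(fullName));
+ synchronized (groups) {
+ if (groups.size() > 0) {
+ sb.append(", groups=\"");
+ Iterator<Group> values = groups.iterator();
+ while (values.hasNext()) {
+ sb.append(RequestUtil.filter(values.next().getGroupname()));
+ synchronized (roles) {
+ if (roles.size() > 0) {
+ sb.append(", roles=\"");
+ Iterator<Role> values = roles.iterator();
+ while (values.hasNext()) {
+ sb.append(RequestUtil.filter(values.next().getRolename()));
+ return (sb.toString());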
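Review bot: The renamed `toXml()` keeps the old Javadoc, and nothing in it tells a caller that its result is the full stored user record, meant only for the users file and never for log or exception text. I would add a sentence to that Javadoc saying so and pointing to `toString()` for diagnostic output, so the two methods are not swapped back later. Separately, the new `toString()` runs every value through `RequestUtil.filter`, which as far as I know escapes markup characters only; a name containing a line break would still split a log line, so it may be worth neutralising CR and LF there if names can come from a less trusted source. Both method bodies are only partly visible here.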