← Back to branch summary

~ubuntu-branches/ubuntu/utopic/tomcat7/utopic-security

« back to all changes in this revision

Viewing changes to debian/patches/0017-CVE-2012-3546.patch

  • Committer: Package Import Robot
  • Author(s): tony mancill
  • Date: 2012-12-06 22:25:07 UTC
  • Revision ID: package-import@ubuntu.com-20121206222507-fbvyeapuelnwhlh4
Tags: 7.0.28-4
http://bugs.debian.org/692440
http://bugs.debian.org/695251
* Acknowledge NMU: 7.0.28-3+nmu1 (Closes: #692440)
  - Thank you to Michael Gilbert.
* Add patches for the following security issues: (Closes: #695251)
  - CVE-2012-4431, CVE-2012-3546

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/0017-CVE-2012-3546.patch
 
1
Description: Remove unneeded handling of FORM authentication in RealmBase.
 
2
 The login and error pages are handled via forward, so processing completes
 
3
 before this code is ever reached.  The action page is handled elsewhere.
 
4
 It is a fix for CVE-2012-3546.
 
5
Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892
 
6
 
 
7
--- a/java/org/apache/catalina/realm/RealmBase.java
 
8
+++ b/java/org/apache/catalina/realm/RealmBase.java
 
9
@@ -45,7 +45,6 @@
 
10
 import org.apache.catalina.Wrapper;
 
11
 import org.apache.catalina.connector.Request;
 
12
 import org.apache.catalina.connector.Response;
 
13
-import org.apache.catalina.deploy.LoginConfig;
 
14
 import org.apache.catalina.deploy.SecurityCollection;
 
15
 import org.apache.catalina.deploy.SecurityConstraint;
 
16
 import org.apache.catalina.mbeans.MBeanUtils;
 
17
@@ -819,31 +818,6 @@
 
18
         if (constraints == null || constraints.length == 0)
 
19
             return (true);
 
20
 
 
21
-        // Specifically allow access to the form login and form error pages
 
22
-        // and the "j_security_check" action
 
23
-        LoginConfig config = context.getLoginConfig();
 
24
-        if ((config != null) &&
 
25
-            (Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
 
26
-            String requestURI = request.getRequestPathMB().toString();
 
27
-            String loginPage = config.getLoginPage();
 
28
-            if (loginPage.equals(requestURI)) {
 
29
-                if (log.isDebugEnabled())
 
30
-                    log.debug(" Allow access to login page " + loginPage);
 
31
-                return (true);
 
32
-            }
 
33
-            String errorPage = config.getErrorPage();
 
34
-            if (errorPage.equals(requestURI)) {
 
35
-                if (log.isDebugEnabled())
 
36
-                    log.debug(" Allow access to error page " + errorPage);
 
37
-                return (true);
 
38
-            }
 
39
-            if (requestURI.endsWith(Constants.FORM_ACTION)) {
 
40
-                if (log.isDebugEnabled())
 
41
-                    log.debug(" Allow access to username/password submission");
 
42
-                return (true);
 
43
-            }
 
44
-        }
 
45
-
 
46
         // Which user principal have we already authenticated?
 
47
         Principal principal = request.getPrincipal();
 
48
         boolean status = false;