Description: fix regression from the CVE-2012-0022 security fix that
Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1229027
Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52384
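--- a/tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties
+++ b/tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties
 parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes
 parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored.
 parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
+parameters.emptyChunk=Empty parameter chunk ignored
 parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored
 parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
 parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected but only the first was logged. Enable debug level logging for this logger to log all failures.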
18
Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java
19
===================================================================
20
--- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/Parameters.java 2011-11-25 16:11:35.000000000 -0500
21
+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java 2012-02-13 09:03:10.889891861 -0500
25
if (nameEnd <= nameStart ) {
26
+ if (valueStart == -1) {
28
+ if (log.isDebugEnabled()) {
29
+ log.debug(sm.getString("parameters.emptyChunk"));
31
+ // Do not flag as error
35
if (log.isInfoEnabled()) {
36
if (valueEnd >= nameStart && log.isDebugEnabled()) {
37
String extract = null;
41
tmpName.setBytes(bytes, nameStart, nameEnd - nameStart);
42
- tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
43
+ if (valueStart >= 0) {
44
+ tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
46
+ tmpValue.setBytes(bytes, 0, 0);
49
// Take copies as if anything goes wrong originals will be
50
// corrupted. This means original values can be logged.
52
if (log.isDebugEnabled()) {
54
origName.append(bytes, nameStart, nameEnd - nameStart);
55
- origValue.append(bytes, valueStart, valueEnd - valueStart);
56
+ if (valueStart >= 0) {
57
+ origValue.append(bytes, valueStart, valueEnd - valueStart);
59
+ origValue.append(bytes, 0, 0);
61
} catch (IOException ioe) {
62
// Should never happen...
63
log.error(sm.getString("parameters.copyFail"), ioe);
65
tmpName.setCharset(charset);
66
name = tmpName.toString();
69
- urlDecode(tmpValue);
70
+ if (valueStart >= 0) {
72
+ urlDecode(tmpValue);
74
+ tmpValue.setCharset(charset);
75
+ value = tmpValue.toString();
79
- tmpValue.setCharset(charset);
80
- value = tmpValue.toString();
82
addParam(name, value);
83
} catch (IOException e) {