~ubuntu-branches/ubuntu/vivid/tomcat6/vivid-proposed


Viewing changes to debian/patches/0011-CVE-2012-0022-regression-fix.patch

  • Committer: Package Import Robot
  • Author(s): tony mancill
  • Date: 2013-08-03 21:50:20 UTC
  • mfrom: (1.2.9)
  • Revision ID: package-import@ubuntu.com-20130803215020-glb1brkoau0zxr5x
Tags: 6.0.37-1
* New upstream release.
  - Drop patches for CVE-2012-4534, CVE-2012-4431, CVE-2012-3546,
    CVE-2012-2733, CVE-2012-3439
  - Drop 0011-CVE-2012-0022-regression-fix.patch
  - Drop 0017-eclipse-compiler-update.patch
* Freshened remaining patches.

1
 
Description: fix regression from the CVE-2012-0022 security fix that
2
 
 went into 6.0.35.
3
 
Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1229027
4
 
Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52384
5
 
 
6
 
Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties
7
 
===================================================================
8
 
--- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/LocalStrings.properties        2011-11-12 03:36:55.000000000 -0500
9
 
+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties     2012-02-13 09:03:10.865891860 -0500
10
 
@@ -17,6 +17,7 @@
11
 
 parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes
12
 
 parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored.
13
 
 parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
14
 
+parameters.emptyChunk=Empty parameter chunk ignored
15
 
 parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored
16
 
 parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
17
 
 parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected but only the first was logged. Enable debug level logging for this logger to log all failures.
18
 
Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java
19
 
===================================================================
20
 
--- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/Parameters.java        2011-11-25 16:11:35.000000000 -0500
21
 
+++ tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java     2012-02-13 09:03:10.889891861 -0500
22
 
@@ -314,6 +314,15 @@
23
 
             }
24
 
             
25
 
             if (nameEnd <= nameStart ) {
26
 
+                if (valueStart == -1) {
27
 
+                    // &&
28
 
+                    if (log.isDebugEnabled()) {
29
 
+                        log.debug(sm.getString("parameters.emptyChunk"));
30
 
+                    }
31
 
+                    // Do not flag as error
32
 
+                    continue;
33
 
+                }
34
 
+                // &=foo&
35
 
                 if (log.isInfoEnabled()) {
36
 
                     if (valueEnd >= nameStart && log.isDebugEnabled()) {
37
 
                         String extract = null;
38
 
@@ -341,7 +350,11 @@
39
 
             }
40
 
             
41
 
             tmpName.setBytes(bytes, nameStart, nameEnd - nameStart);
42
 
-            tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
43
 
+            if (valueStart >= 0) {
44
 
+                tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
45
 
+            } else {
46
 
+                tmpValue.setBytes(bytes, 0, 0);
47
 
+            }
48
 
 
49
 
             // Take copies as if anything goes wrong originals will be
50
 
             // corrupted. This means original values can be logged.
51
 
@@ -349,7 +362,11 @@
52
 
             if (log.isDebugEnabled()) {
53
 
                 try {
54
 
                     origName.append(bytes, nameStart, nameEnd - nameStart);
55
 
-                    origValue.append(bytes, valueStart, valueEnd - valueStart);
56
 
+                    if (valueStart >= 0) {
57
 
+                        origValue.append(bytes, valueStart, valueEnd - valueStart);
58
 
+                    } else {
59
 
+                        origValue.append(bytes, 0, 0);
60
 
+                    }
61
 
                 } catch (IOException ioe) {
62
 
                     // Should never happen...
63
 
                     log.error(sm.getString("parameters.copyFail"), ioe);
64
 
@@ -366,11 +383,15 @@
65
 
                 tmpName.setCharset(charset);
66
 
                 name = tmpName.toString();
67
 
 
68
 
-                if (decodeValue) {
69
 
-                    urlDecode(tmpValue);
70
 
+                if (valueStart >= 0) {
71
 
+                    if (decodeValue) {
72
 
+                        urlDecode(tmpValue);
73
 
+                    }
74
 
+                    tmpValue.setCharset(charset);
75
 
+                    value = tmpValue.toString();
76
 
+                } else {
77
 
+                    value = "";
78
 
                 }
79
 
-                tmpValue.setCharset(charset);
80
 
-                value = tmpValue.toString();
81
 
 
82
 
                 addParam(name, value);
83
 
             } catch (IOException e) {