Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
tomcat
tomcat-8.0.53-CVE-2020-13935.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tomcat-8.0.53-CVE-2020-13935.patch of Package tomcat
Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/LocalStrings.properties =================================================================== --- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/websocket/LocalStrings.properties +++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/LocalStrings.properties @@ -66,6 +66,7 @@ wsFrame.partialHeaderComplete=WebSocket wsFrame.sessionClosed=The client data cannot be processed because the session has already been closed wsFrame.textMessageTooBig=The decoded text message was too big for the output buffer and the endpoint does not support partial messages wsFrame.wrongRsv=The client frame set the reserved bits to [{0}] for a message with opCode [{1}] which was not supported by this endpoint +wsFrame.payloadMsbInvalid=An invalid WebSocket frame was received - the most significant bit of a 64-bit payload was illegally set wsFrameClient.ioe=Failure while reading data sent by server @@ -131,4 +132,4 @@ wsWebSocketContainer.missingLocationHead wsWebSocketContainer.redirectThreshold=Cyclic Location header [{0}] detected / reached max number of redirects [{1}] of max [{2}] wsWebSocketContainer.unsupportedAuthScheme=Failed to handle HTTP response code [{0}]. Unsupported Authentication scheme [{1}] returned in response wsWebSocketContainer.failedAuthentication=Failed to handle HTTP response code [{0}]. Authentication header was not accepted by server. -wsWebSocketContainer.missingWWWAuthenticateHeader=Failed to handle HTTP response code [{0}]. Missing WWW-Authenticate header in response \ No newline at end of file +wsWebSocketContainer.missingWWWAuthenticateHeader=Failed to handle HTTP response code [{0}]. Missing WWW-Authenticate header in response Index: apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/WsFrameBase.java =================================================================== --- apache-tomcat-8.0.53-src.orig/java/org/apache/tomcat/websocket/WsFrameBase.java +++ apache-tomcat-8.0.53-src/java/org/apache/tomcat/websocket/WsFrameBase.java @@ -260,6 +260,10 @@ public abstract class WsFrameBase { readPos += 2; } else if (payloadLength == 127) { payloadLength = byteArrayToLong(inputBuffer, readPos, 8); + if (payloadLength < 0) { + throw new WsIOException( + new CloseReason(CloseCodes.PROTOCOL_ERROR, sm.getString("wsFrame.payloadMsbInvalid"))); + } readPos += 8; } if (Util.isControl(opCode)) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor