File tomcat-9.0.36-CVE-2023-41080.patch of Package tomcat.32131
From 77c0ce2d169efa248b64b992e547aad549ec906b Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Tue, 22 Aug 2023 11:31:23 -0700 Subject: [PATCH] Avoid protocol relative redirects --- .../apache/catalina/authenticator/FormAuthenticator.java | 6 ++++++ webapps/docs/changelog.xml | 3 +++ 2 files changed, 9 insertions(+) Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/authenticator/FormAuthenticator.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/authenticator/FormAuthenticator.java +++ apache-tomcat-9.0.36-src/java/org/apache/catalina/authenticator/FormAuthenticator.java @@ -720,6 +720,12 @@ public class FormAuthenticator sb.append('?'); sb.append(saved.getQueryString()); } + + // Avoid protocol relative redirects + while (sb.length() > 1 && sb.charAt(1) == '/') { + sb.deleteCharAt(0); + } + return sb.toString(); } } Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml =================================================================== --- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml +++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml @@ -108,6 +108,9 @@ <code>RemoteIpFilter</code> determines that this request was submitted via a secure channel. (lihan) </fix> + <fix> + Avoid protocol relative redirects in FORM authentication. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
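Review bot: In the FormAuthenticator.java hunk, the new loop tests only `sb.charAt(1) == '/'` and then deletes index 0 without checking that `sb.charAt(0)` is also a slash, so it relies on the buffer always starting with '/'. If the buffer ever began with some other character followed by '/', that character would be dropped silently. Consider tightening the condition to `sb.charAt(0) == '/' && sb.charAt(1) == '/'`, or extending the `// Avoid protocol relative redirects` comment to state the invariant that the saved request URI starts with a slash. The diffstat lists only FormAuthenticator.java and changelog.xml, so a regression test asserting that a saved request with several leading slashes produces a redirect target with exactly one would be a useful addition.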