Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
tomcat.26534
tomcat-9.0-CVE-2021-25329.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tomcat-9.0-CVE-2021-25329.patch of Package tomcat.26534
From 4785433a226a20df6acbea49296e1ce7e23de453 Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Wed, 20 Jan 2021 13:28:57 +0000 Subject: [PATCH] Use java.nio.file.Path for consistent sub-directory checking --- .../catalina/servlets/DefaultServlet.java | 2 +- .../apache/catalina/session/FileStore.java | 2 +- .../catalina/startup/ContextConfig.java | 3 ++- .../apache/catalina/startup/ExpandWar.java | 21 +++++++------------ .../apache/catalina/startup/HostConfig.java | 3 +-- webapps/docs/changelog.xml | 4 ++++ 6 files changed, 16 insertions(+), 19 deletions(-) Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/servlets/DefaultServlet.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/servlets/DefaultServlet.java +++ apache-tomcat-9.0.36-src/java/org/apache/catalina/servlets/DefaultServlet.java @@ -2131,7 +2131,7 @@ public class DefaultServlet extends Http // First check that the resulting path is under the provided base try { - if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) { + if (!candidate.getCanonicalFile().toPath().startsWith(base.getCanonicalFile().toPath())) { return null; } } catch (IOException ioe) { Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/session/FileStore.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/session/FileStore.java +++ apache-tomcat-9.0.36-src/java/org/apache/catalina/session/FileStore.java @@ -351,7 +351,7 @@ public final class FileStore extends Sto File file = new File(storageDir, filename); // Check the file is within the storage directory - if (!file.getCanonicalPath().startsWith(storageDir.getCanonicalPath())) { + if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) { log.warn(sm.getString("fileStore.invalid", file.getPath(), id)); return null; } Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ContextConfig.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/startup/ContextConfig.java +++ apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ContextConfig.java @@ -653,7 +653,8 @@ public class ContextConfig implements Li String docBaseCanonical = docBaseAbsoluteFile.getCanonicalPath(); // Re-calculate now docBase is a canonical path - boolean docBaseCanonicalInAppBase = docBaseCanonical.startsWith(appBase.getPath() + File.separatorChar); + boolean docBaseCanonicalInAppBase = + docBaseAbsoluteFile.getCanonicalFile().toPath().startsWith(appBase.toPath()); String docBase; if (docBaseCanonicalInAppBase) { docBase = docBaseCanonical.substring(appBase.getPath().length()); Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ExpandWar.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/startup/ExpandWar.java +++ apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/ExpandWar.java @@ -26,6 +26,7 @@ import java.net.JarURLConnection; import java.net.URL; import java.net.URLConnection; import java.nio.channels.FileChannel; +import java.nio.file.Path; import java.util.Enumeration; import java.util.jar.JarEntry; import java.util.jar.JarFile; @@ -116,10 +117,7 @@ public class ExpandWar { } // Expand the WAR into the new document base directory - String canonicalDocBasePrefix = docBase.getCanonicalPath(); - if (!canonicalDocBasePrefix.endsWith(File.separator)) { - canonicalDocBasePrefix += File.separator; - } + Path canonicalDocBasePath = docBase.getCanonicalFile().toPath(); // Creating war tracker parent (normally META-INF) File warTrackerParent = warTracker.getParentFile(); @@ -134,14 +132,13 @@ public class ExpandWar { JarEntry jarEntry = jarEntries.nextElement(); String name = jarEntry.getName(); File expandedFile = new File(docBase, name); - if (!expandedFile.getCanonicalPath().startsWith( - canonicalDocBasePrefix)) { + if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) { // Trying to expand outside the docBase // Throw an exception to stop the deployment throw new IllegalArgumentException( sm.getString("expandWar.illegalPath",war, name, expandedFile.getCanonicalPath(), - canonicalDocBasePrefix)); + canonicalDocBasePath)); } int last = name.lastIndexOf('/'); if (last >= 0) { @@ -217,10 +214,7 @@ public class ExpandWar { File docBase = new File(host.getAppBaseFile(), pathname); // Calculate the document base directory - String canonicalDocBasePrefix = docBase.getCanonicalPath(); - if (!canonicalDocBasePrefix.endsWith(File.separator)) { - canonicalDocBasePrefix += File.separator; - } + Path canonicalDocBasePath = docBase.getCanonicalFile().toPath(); JarURLConnection juc = (JarURLConnection) war.openConnection(); juc.setUseCaches(false); try (JarFile jarFile = juc.getJarFile()) { @@ -229,14 +223,13 @@ public class ExpandWar { JarEntry jarEntry = jarEntries.nextElement(); String name = jarEntry.getName(); File expandedFile = new File(docBase, name); - if (!expandedFile.getCanonicalPath().startsWith( - canonicalDocBasePrefix)) { + if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) { // Entry located outside the docBase // Throw an exception to stop the deployment throw new IllegalArgumentException( sm.getString("expandWar.illegalPath",war, name, expandedFile.getCanonicalPath(), - canonicalDocBasePrefix)); + canonicalDocBasePath)); } } } catch (IOException e) { Index: apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/HostConfig.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/catalina/startup/HostConfig.java +++ apache-tomcat-9.0.36-src/java/org/apache/catalina/startup/HostConfig.java @@ -598,8 +598,7 @@ public class HostConfig implements Lifec docBase = new File(host.getAppBaseFile(), context.getDocBase()); } // If external docBase, register .xml as redeploy first - if (!docBase.getCanonicalPath().startsWith( - host.getAppBaseFile().getAbsolutePath() + File.separator)) { + if (!docBase.getCanonicalFile().toPath().startsWith(host.getAppBaseFile().toPath())) { isExternal = true; deployedApp.redeployResources.put( contextXml.getAbsolutePath(), Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml =================================================================== --- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml +++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml @@ -163,6 +163,10 @@ <update> Update dependency on bnd to 5.1.0. (markt) </update> + <scode> + Use <code>java.nio.file.Path</code> to test for one directory being a + sub-directory of another in a consistent way. (markt) + </scode> </changelog> </subsection> </section>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
