Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
jetty5
jetty-5.1.14-CVE-2009-1523.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File jetty-5.1.14-CVE-2009-1523.patch of Package jetty5
diff -up ./src/org/mortbay/jetty/servlet/Dispatcher.java.fix ./src/org/mortbay/jetty/servlet/Dispatcher.java --- ./src/org/mortbay/jetty/servlet/Dispatcher.java.fix 2009-05-13 16:47:24.000000000 -0400 +++ ./src/org/mortbay/jetty/servlet/Dispatcher.java 2009-05-13 16:48:08.000000000 -0400 @@ -866,11 +866,25 @@ public class Dispatcher implements Reque StringBuffer buf = _request.getRootURL(); if (url.startsWith("/")) - buf.append(URI.canonicalPath(url)); + buf.append(url); else - buf.append(URI.canonicalPath(URI.addPaths(URI.parentPath(_request.getRequestURI()),url))); + buf.append(URI.addPaths(URI.parentPath(_request.getRequestURI()),url)); url=buf.toString(); } + URI uri = new URI(url); + String path = uri.getPath(); + String canonical = URI.canonicalPath(path); + if (!canonical.equals(path)) + { + StringBuffer buf = _request.getRootURL(); + buf.append(canonical); + if (uri.getQuery()!=null) + { + buf.append('?'); + buf.append(uri.getQuery()); + } + url=buf.toString(); + } super.sendRedirect(url); } diff -up ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java.fix ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java --- ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java.fix 2009-05-13 16:47:39.000000000 -0400 +++ ./src/org/mortbay/jetty/servlet/ServletHttpResponse.java 2009-05-13 16:49:14.000000000 -0400 @@ -441,18 +441,34 @@ public class ServletHttpResponse impleme { StringBuffer buf = _servletHttpRequest.getHttpRequest().getRootURL(); if (url.startsWith("/")) - buf.append(URI.canonicalPath(url)); + buf.append(url); else { String path=_servletHttpRequest.getRequestURI(); String parent=(path.endsWith("/"))?path:URI.parentPath(path); - url=URI.canonicalPath(URI.addPaths(parent,url)); + url=URI.addPaths(parent,url); if (!url.startsWith("/")) buf.append('/'); buf.append(url); } url=buf.toString(); + URI uri = new URI(url); + String path=uri.getPath(); + String canonical=URI.canonicalPath(path); + if (canonical==null) + throw new IllegalArgumentException(); + if (!canonical.equals(path)) + { + buf = _servletHttpRequest.getHttpRequest().getRootURL(); + buf.append(canonical); + if (uri.getQuery()!=null) + { + buf.append('?'); + buf.append(uri.getQuery()); + } + url=buf.toString(); + } } resetBuffer(); diff -up ./src/org/mortbay/util/URI.java.fix ./src/org/mortbay/util/URI.java --- ./src/org/mortbay/util/URI.java.fix 2009-05-13 16:47:53.000000000 -0400 +++ ./src/org/mortbay/util/URI.java 2009-05-13 16:48:08.000000000 -0400 @@ -830,8 +830,7 @@ public class URI return path; int end=path.length(); - int queryIdx=path.indexOf('?'); - int start = path.lastIndexOf('/', (queryIdx > 0 ? queryIdx : end)); + int start = path.lastIndexOf('/', end); search: while (end>0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor