Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
tomcat.23709
tomcat-9.0-CVE-2021-41079.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tomcat-9.0-CVE-2021-41079.patch of Package tomcat.23709
From d4b340fa8feaf55831f9a59350578f7b6ca048b8 Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Wed, 3 Mar 2021 12:00:46 +0000 Subject: [PATCH] Improve robustness --- .../apache/tomcat/util/net/openssl/LocalStrings.properties | 1 + java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++-- webapps/docs/changelog.xml | 4 ++++ 3 files changed, 9 insertions(+), 2 deletions(-) Index: apache-tomcat-9.0.36-src/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties +++ apache-tomcat-9.0.36-src/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties @@ -17,6 +17,7 @@ engine.ciphersFailure=Failed getting cip engine.emptyCipherSuite=Empty cipher suite engine.engineClosed=Engine is closed engine.failedCipherSuite=Failed to enable cipher suite [{0}] +engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read engine.inboundClose=Inbound closed before receiving peer's close_notify engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}]) engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the engine to only resuming existing sessions Index: apache-tomcat-9.0.36-src/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +++ apache-tomcat-9.0.36-src/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java @@ -587,8 +587,10 @@ public final class OpenSSLEngine extends throw new SSLException(e); } - if (bytesRead == 0) { - break; + if (bytesRead <= 0) { + // This should not be possible. pendingApp is positive + // therefore the read should have read at least one byte. + throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes")); } bytesProduced += bytesRead; Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml =================================================================== --- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml +++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml @@ -137,6 +137,10 @@ <fix> <bug>64830</bug>: Fix concurrency issue in HPACK decoder. (markt) </fix> + <fix> + Make handling of OpenSSL read errors more robust when plain text data is + reported to be available to read. (markt) + </fix> </changelog> </subsection> <subsection name="Other">
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor