Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 312281 Details for
Bug 456120
CVE-2008-2938 tomcat Unicode directory traversal vulnerability
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch for Tomcat 5.5.23
patch.5.5.23.new.patch (text/plain), 2.51 KB, created by
Marc Schoenefeld
on 2008-07-21 16:31:59 UTC
(
hide
)
Description:
Patch for Tomcat 5.5.23
Filename:
MIME Type:
Creator:
Marc Schoenefeld
Created:
2008-07-21 16:31:59 UTC
Size:
2.51 KB
patch
obsolete
>--- container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java 2008-07-17 13:13:43 UTC (rev 717) >+++ container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java 2008-07-17 17:43:56 UTC (rev 718) >@@ -442,6 +442,12 @@ > } > // Character decoding > convertURI(decodedURI, request); >+ // Check that the URI is still normalized >+ if (!checkNormalize(req.decodedURI())) { >+ res.setStatus(400); >+ res.setMessage("Invalid URI character encoding"); >+ return false; >+ } > } else { > // The URL is chars or String, and has been sent using an in-memory > // protocol handler, we have to assume the URL has been properly >@@ -821,6 +827,67 @@ > } > > >+ /** >+ * Check that the URI is normalized following character decoding. >+ * <p> >+ * This method checks for "\", "//", "/./" and "/../". This method will >+ * return false if sequences that are supposed to be normalized still >+ * present in the URI. >+ * >+ * @param uriMB URI to be normalized >+ */ >+ public static boolean checkNormalize(MessageBytes uriMB) { >+ >+ CharChunk uriCC = uriMB.getCharChunk(); >+ char[] c = uriCC.getChars(); >+ int start = uriCC.getStart(); >+ int end = uriCC.getEnd(); >+ >+ int pos = 0; >+ >+ // Check for '\' and for null byte >+ for (pos = start; pos < end; pos++) { >+ if (c[pos] == '\\') { >+ return false; >+ } >+ if (c[pos] == 0) { >+ return false; >+ } >+ } >+ >+ // Check for "//" >+ for (pos = start; pos < (end - 1); pos++) { >+ if (c[pos] == '/') { >+ if (c[pos + 1] == '/') { >+ return false; >+ } >+ } >+ } >+ >+ // Check for URI ending with "/." or "/.." >+ if (((end - start) >= 2) && (c[end - 1] == '.')) { >+ if ((c[end - 2] == '/') >+ || ((c[end - 2] == '.') >+ && (c[end - 3] == '/'))) { >+ return false; >+ } >+ } >+ >+ // Check for "/./" >+ if (uriCC.indexOf("/./", 0, 3, 0) >= 0) { >+ return false; >+ } >+ >+ // Check for "/./" >+ if (uriCC.indexOf("/../", 0, 4, 0) >= 0) { >+ return false; >+ } >+ >+ return true; >+ >+ } >+ >+ > // ------------------------------------------------------ Protected Methods > > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=312281">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 456120
: 312281