139 lines
5.2 KiB
Diff
139 lines
5.2 KiB
Diff
--- java/org/apache/coyote/http11/Http11AprProcessor.java.orig 2010-07-12 11:52:05.981133000 -0400
|
|
+++ java/org/apache/coyote/http11/Http11AprProcessor.java 2010-07-12 11:59:39.205913000 -0400
|
|
@@ -78,6 +78,12 @@
|
|
protected static StringManager sm =
|
|
StringManager.getManager(Constants.Package);
|
|
|
|
+ /**
|
|
+ * Tracks how many internal filters are in the filter library so they
|
|
+ * are skipped whe looking for pluggable filters
|
|
+ */
|
|
+ private int pluggableFilterIndex = Integer.MAX_VALUE;
|
|
+
|
|
|
|
// ----------------------------------------------------------- Constructors
|
|
|
|
@@ -1736,6 +1742,8 @@
|
|
//inputBuffer.addFilter(new GzipInputFilter());
|
|
outputBuffer.addFilter(new GzipOutputFilter());
|
|
|
|
+ pluggableFilterIndex = inputBuffer.filterLibrary.length;
|
|
+
|
|
}
|
|
|
|
|
|
@@ -1754,7 +1762,7 @@
|
|
(inputFilters[Constants.CHUNKED_FILTER]);
|
|
contentDelimitation = true;
|
|
} else {
|
|
- for (int i = 2; i < inputFilters.length; i++) {
|
|
+ for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
|
|
if (inputFilters[i].getEncodingName()
|
|
.toString().equals(encodingName)) {
|
|
inputBuffer.addActiveFilter(inputFilters[i]);
|
|
--- java/org/apache/coyote/http11/Http11NioProcessor.java.orig 2010-07-12 12:00:05.720580000 -0400
|
|
+++ java/org/apache/coyote/http11/Http11NioProcessor.java 2010-07-12 12:19:36.465303000 -0400
|
|
@@ -81,6 +81,12 @@
|
|
*/
|
|
protected SSLSupport sslSupport;
|
|
|
|
+ /**
|
|
+ * Tracks how many internal filters are in the filter library so they
|
|
+ * are skipped whe looking for pluggable filters
|
|
+ */
|
|
+ private int pluggableFilterIndex = Integer.MAX_VALUE;
|
|
+
|
|
// ----------------------------------------------------------- Constructors
|
|
|
|
|
|
@@ -1763,6 +1769,8 @@
|
|
//inputBuffer.addFilter(new GzipInputFilter());
|
|
outputBuffer.addFilter(new GzipOutputFilter());
|
|
|
|
+ pluggableFilterIndex = inputBuffer.filterLibrary.length;
|
|
+
|
|
}
|
|
|
|
|
|
@@ -1781,7 +1789,7 @@
|
|
(inputFilters[Constants.CHUNKED_FILTER]);
|
|
contentDelimitation = true;
|
|
} else {
|
|
- for (int i = 2; i < inputFilters.length; i++) {
|
|
+ for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
|
|
if (inputFilters[i].getEncodingName()
|
|
.toString().equals(encodingName)) {
|
|
inputBuffer.addActiveFilter(inputFilters[i]);
|
|
--- java/org/apache/coyote/http11/Http11Processor.java.orig 2010-07-12 12:20:42.784634000 -0400
|
|
+++ java/org/apache/coyote/http11/Http11Processor.java 2010-07-12 12:23:14.996732000 -0400
|
|
@@ -76,6 +76,11 @@
|
|
protected static boolean isSecurityEnabled =
|
|
org.apache.coyote.Constants.IS_SECURITY_ENABLED;
|
|
|
|
+ /**
|
|
+ * Tracks how many internal filters are in the filter library so they
|
|
+ * are skipped whe looking for pluggable filters
|
|
+ */
|
|
+ private int pluggableFilterIndex = Integer.MAX_VALUE;
|
|
// ------------------------------------------------------------ Constructor
|
|
|
|
|
|
@@ -1642,6 +1647,7 @@
|
|
//inputBuffer.addFilter(new GzipInputFilter());
|
|
outputBuffer.addFilter(new GzipOutputFilter());
|
|
|
|
+ pluggableFilterIndex = inputBuffer.filterLibrary.length;
|
|
}
|
|
|
|
|
|
@@ -1660,7 +1666,7 @@
|
|
(inputFilters[Constants.CHUNKED_FILTER]);
|
|
contentDelimitation = true;
|
|
} else {
|
|
- for (int i = 2; i < inputFilters.length; i++) {
|
|
+ for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {
|
|
if (inputFilters[i].getEncodingName()
|
|
.toString().equals(encodingName)) {
|
|
inputBuffer.addActiveFilter(inputFilters[i]);
|
|
--- java/org/apache/coyote/http11/filters/BufferedInputFilter.java.orig 2010-01-19 08:43:40.000000000 -0500
|
|
+++ java/org/apache/coyote/http11/filters/BufferedInputFilter.java 2010-07-12 13:00:50.374586000 -0400
|
|
@@ -102,10 +102,14 @@
|
|
}
|
|
|
|
public void recycle() {
|
|
- if (buffered.getBuffer().length > 65536) {
|
|
- buffered = null;
|
|
- } else {
|
|
- buffered.recycle();
|
|
+ if (buffered != null)
|
|
+ {
|
|
+ if (buffered.getBuffer().length > 65536)
|
|
+ {
|
|
+ buffered = null;
|
|
+ } else {
|
|
+ buffered.recycle();
|
|
+ }
|
|
}
|
|
tempRead.recycle();
|
|
hasRead = false;
|
|
|
|
--- webapps/docs/changelog.xml.orig 2010-07-12 16:08:24.000000000 -0600
|
|
+++ webapps/docs/changelog.xml 2010-07-12 16:12:43.000000000 -0600
|
|
@@ -40,6 +40,16 @@
|
|
Correct TCK failures with security manager caused by the original fix
|
|
for <bug>47774</bug>. (markt)
|
|
</fix>
|
|
+ <fix>
|
|
+ Arange filter logic (jgclere)
|
|
+ Several flaws in the handling of the 'Transfer-Encoding' header
|
|
+ were found that prevented the recycling of a buffer. A remote
|
|
+ attacker could trigger this flaw which would cause subsequent
|
|
+ requests to fail and/or information to leak between requests.
|
|
+ This flaw is mitigated if Tomcat is behind a reverse proxy
|
|
+ (such as Apache httpd 2.2) as the proxy should reject the
|
|
+ invalid transfer encoding header.
|
|
+ </fix>
|
|
</changelog>
|
|
</subsection>
|
|
<subsection name="Other">
|