From xuhaih...@apache.org
Subject svn commit: r1163221 - in /geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp: AjpAprProcessor.java AjpNioProcessor.java AjpProcessor.java
Date Tue, 30 Aug 2011 14:10:05 GMT
Author: xuhaihong
Date: Tue Aug 30 14:10:05 2011
New Revision: 1163221

URL: http://svn.apache.org/viewvc?rev=1163221&view=rev
Log:
Merge the changes 
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
Fix CVE-2011-3190
Prevent AJP request forgery via unread request body packet

Modified:
    geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
    geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpNioProcessor.java
    geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java

Modified: geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1163221&r1=1163220&r2=1163221&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
Tue Aug 30 14:10:05 2011
@@ -145,11 +145,13 @@ public class AjpAprProcessor extends Abs
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
                     if(log.isDebugEnabled()) {
                         log.debug("Unexpected message: "+type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 keptAlive = true;
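Review bot: The rejected packet is still reported only through `log.debug("Unexpected message: "+type)`, so with default logging the connection is dropped without any trace of what this commit now treats as a protocol violation. Since the commit log ties this branch to CVE-2011-3190, a warn-level entry is more useful to operators, for example `log.warn("Unexpected AJP message type " + type + ", closing connection");`, rate-limited if the connector can be reached by peers other than the trusted front end. The same branch in AjpNioProcessor and AjpProcessor carries the same debug-only logging. The enclosing loop starts and ends outside this hunk, so how `error` is acted on after the `break` is not visible here.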
@@ -297,7 +299,11 @@ public class AjpAprProcessor extends Abs
             return;
 
         finished = true;
-
+        
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
         // Add the end message
         if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity())
{
             flush(false);
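Review bot: The result of `receive()` is discarded in the new swallow step, and the comment does not say why exactly one packet is read. If receive() reports failure through its return value (its declaration is outside the hunk), a failed or short read would still leave `finished = true` and the end message written while the body packet remains pending on the connection, so only the new type check in process() would catch the leftover data. Consider `if (!receive()) { error = true; }`, and extend the comment to something like `// first is still true: the body packet sent right after the forward request was never consumed` (assuming that is what `first` tracks). The same three lines are added to finish() in AjpNioProcessor and AjpProcessor. finish() starts and ends outside this hunk.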

Modified: geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpNioProcessor.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpNioProcessor.java?rev=1163221&r1=1163220&r2=1163221&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpNioProcessor.java
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpNioProcessor.java
Tue Aug 30 14:10:05 2011
@@ -130,13 +130,15 @@ public class AjpNioProcessor extends Abs
                     }
                     recycle(true);
                     continue;
-                } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
+                } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {                 
  
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
                     if(log.isDebugEnabled()) {
                         log.debug("Unexpected message: "+type);
                     }
+                    error = true;
                     recycle(false);
-                    continue;
+                    break;
                 }
                 request.setStartTime(System.currentTimeMillis());
             } catch (IOException e) {
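Review bot: The error path still calls `recycle(false)` although it now leaves the loop with `error = true`, while the branch just above it in the context lines calls `recycle(true)` before its `continue`. The meaning of the argument is not visible in this hunk; if it indicates that the socket is about to be closed, then `recycle(true);` is the call to make here. It is also worth confirming that recycle() does not reset `error` before the `break` takes effect. The `else if` line itself changed only by trailing whitespace, which can be dropped from the patch. The loop body continues outside the hunk.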
@@ -317,7 +319,10 @@ public class AjpNioProcessor extends Abs
             return;
 
         finished = true;
-
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
         // Add the end message
         output(endMessageArray, 0, endMessageArray.length);
     }

Modified: geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1163221&r1=1163220&r2=1163221&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java
(original)
+++ geronimo/external/trunk/tomcat-parent-7.0.19/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java
Tue Aug 30 14:10:05 2011
@@ -147,11 +147,13 @@ public class AjpProcessor extends Abstra
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
                     if(log.isDebugEnabled()) {
                         log.debug("Unexpected message: "+type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 request.setStartTime(System.currentTimeMillis());
@@ -311,7 +313,10 @@ public class AjpProcessor extends Abstra
             return;
 
         finished = true;
-
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
         // Add the end message
         output.write(endMessageArray);
 


