From michaelf...@apache.org
Subject svn commit: r1170984 - in /geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp: AjpAprProcessor.java AjpProcessor.java
Date Thu, 15 Sep 2011 07:34:10 GMT
Author: michaelfang
Date: Thu Sep 15 07:34:09 2011
New Revision: 1170984

URL: http://svn.apache.org/viewvc?rev=1170984&view=rev
Log:
merge security fixes for CVE-2011-3190 from Tomcat 6.0.x trunk

Modified:
    geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
    geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java

Modified: geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=1170984&r1=1170983&r2=1170984&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
(original)
+++ geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpAprProcessor.java
Thu Sep 15 07:34:09 2011
@@ -405,11 +405,13 @@ public class AjpAprProcessor implements 
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
-                    if(log.isDebugEnabled()) {
-                        log.debug("Unexpected message: "+type);
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
+                    if (log.isDebugEnabled()) {
+                        log.debug("Unexpected message: " + type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 keptAlive = true;
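Review bot: The unexpected-packet branch now stops processing with `error = true; break;`, but the only trace it leaves is a debug-level message, so under default logging the event is invisible to operators. Because this commit merges the fix for CVE-2011-3190, an unexpected packet type at this point is a security-relevant signal; consider `log.warn("Unexpected message: " + type);`, or info level if noisy connectors are a concern, so it can feed detection. The comment could also say that the connection is deliberately abandoned rather than resynchronised, e.g. `// Stream is out of sync with the connector; stop processing instead of skipping the packet.` The identical branch in the AjpProcessor.java hunk at line 423 has the same gap. The enclosing loop starts and ends outside the hunk, so what happens after `error` is set is inferred, not visible.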
@@ -1056,6 +1058,11 @@ public class AjpAprProcessor implements 
 
         finished = true;
 
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
+        
         // Add the end message
         if (outputBuffer.position() + endMessageArray.length > outputBuffer.capacity())
{
             flush();
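Review bot: The added swallow step calls `receive();` and discards the outcome, so if the read fails or yields something other than the pending body packet, finish() still writes the end message as if the connection were clean. Whether receive() reports this through a return value or only by throwing is not visible in this hunk, so confirm which and handle the failure case explicitly (for example by setting `error = true`). The comment should also state the assumption behind the condition, along the lines of `// With content length > 0 the connector sends the first body packet unprompted; if it was never read (first is still true), consume it so it cannot be parsed as the next request.` The same block is added to finish() in the AjpProcessor.java hunk at line 1061. The method starts and ends outside the hunk.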

Modified: geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java
URL: http://svn.apache.org/viewvc/geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1170984&r1=1170983&r2=1170984&view=diff
==============================================================================
--- geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java
(original)
+++ geronimo/external/trunk/tomcat-parent-6.0.33/catalina/src/main/java/org/apache/coyote/ajp/AjpProcessor.java
Thu Sep 15 07:34:09 2011
@@ -423,11 +423,13 @@ public class AjpProcessor implements Act
                     }
                     continue;
                 } else if(type != Constants.JK_AJP13_FORWARD_REQUEST) {
-                    // Usually the servlet didn't read the previous request body
-                    if(log.isDebugEnabled()) {
-                        log.debug("Unexpected message: "+type);
+                    // Unexpected packet type. Unread body packets should have
+                    // been swallowed in finish().
+                    if (log.isDebugEnabled()) {
+                        log.debug("Unexpected message: " + type);
                     }
-                    continue;
+                    error = true;
+                    break;
                 }
 
                 request.setStartTime(System.currentTimeMillis());
@@ -1061,6 +1063,11 @@ public class AjpProcessor implements Act
 
         finished = true;
 
+        // Swallow the unread body packet if present
+        if (first && request.getContentLengthLong() > 0) {
+            receive();
+        }
+        
         // Add the end message
         output.write(endMessageArray);
 


