tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Vyskocil <mvysko...@suse.cz>
Subject Where's the fix of CVE-2005-2090?
Date Mon, 28 Jan 2008 15:59:06 GMT
Hi,

I'm unable to locate a patch to fix the CVE-2005-2090. I cannot found any hint 
from svn commit log or bugzilla.

According http://tomcat.apache.org/security-5.html is this issue fixed in 
5.5.23, so I've downloaded the 5.5.20 and a 5.5.23 from archive.apache.org 
and use a diff -ru on unpacked source code to locate that.

Maybe is this commit
------------------------------------------------------------------------
r513079 | markt | 2007-03-01 01:26:12 +0100 (Čt, 01 bře 2007) | 1 line

As per RFC2616, requests with multiple content-length headers are invalid.

Index: coyote/src/java/org/apache/coyote/Request.java
===================================================================
--- coyote/src/java/org/apache/coyote/Request.java	(revision 511952)
+++ coyote/src/java/org/apache/coyote/Request.java	(revision 513079)
@@ -294,7 +294,7 @@
     public long getContentLengthLong() {
         if( contentLength > -1 ) return contentLength;
 
-        MessageBytes clB = headers.getValue("content-length");
+        MessageBytes clB = headers.getUniqueValue("content-length");
         contentLength = (clB == null || clB.isNull()) ? -1 : clB.getLong();
 
         return contentLength;
...

is that, but I'm no sure.

Anyone could help?

Regards
Michal Vyskocil

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message