
From ma...@apache.org
Subject svn commit: r781382 - in /tomcat/container/branches/tc4.1.x: ./ catalina/src/share/org/apache/catalina/realm/
Date Wed, 03 Jun 2009 14:02:06 GMT
Author: markt
Date: Wed Jun  3 14:02:06 2009
New Revision: 781382

URL: http://svn.apache.org/viewvc?rev=781382&view=rev
Log:
Fix NPE / information disclosure issue that allowed user enumeration with FORM auth.
This is CVE-2009-0580.

Modified:
    tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
    tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java
    tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
    tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java

Modified: tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt?rev=781382&r1=781381&r2=781382&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt (original)
+++ tomcat/container/branches/tc4.1.x/RELEASE-NOTES-4.1.txt Wed Jun  3 14:02:06 2009
@@ -1753,6 +1753,11 @@
          Fix typo in French localisation file name for the
          org.apache.catalina.loader package.
 
+[4.1.40] Realms
+         Fix information disclosure vulnerability that permitted user
+         enumeration when using FORM authentication.
+         This is CVE-2009-0580.
+
 
 ----------------
 Coyote Bug Fixes:

Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java?rev=781382&r1=781381&r2=781382&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java
(original)
+++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java
Wed Jun  3 14:02:06 2009
@@ -270,8 +270,9 @@
      */
     public Principal authenticate(String username, String credentials) {
 
-        // No user - can't possibly authenticate, don't bother the database then
-        if (username == null) {
+        // No user or no credentials
+        // Can't possibly authenticate, don't bother the database then
+        if (username == null || credentials == null) {
             return null;
         }
 
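Review bot: The early return on null credentials at `if (username == null || credentials == null)` changes the method's observable contract, but the Javadoc that closes just above the hunk (` */`) is not updated to say so; suggest adding `@return the authenticated Principal, or null if the username or credentials are null or do not match`. The security point worth recording in a comment is that, before this change, a null password for an existing user apparently reached the credential comparison and failed differently (the NPE named in the log) than an unknown user, which returned null without error — that difference is the enumeration oracle, and the guard now makes both cases indistinguishable to the caller. The identical guard is added to JDBCRealm in the third hunk and its Javadoc should carry the same wording; JDBCRealm's signature begins before that hunk. The body of authenticate continues past the end of this hunk.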

Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java?rev=781382&r1=781381&r2=781382&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
(original)
+++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JDBCRealm.java
Wed Jun  3 14:02:06 2009
@@ -391,10 +391,10 @@
                                                String username,
                                                String credentials) {
 
-
-        // No user - can't possibly authenticate
-        if (username == null) {
-            return (null);
+        // No user or no credentials
+        // Can't possibly authenticate, don't bother the database then
+        if (username == null || credentials == null) {
+            return null;
         }
 
         // Look up the user's credentials

Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java?rev=781382&r1=781381&r2=781382&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java
(original)
+++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/MemoryRealm.java
Wed Jun  3 14:02:06 2009
@@ -144,7 +144,7 @@
             (GenericPrincipal) principals.get(username);
 
         boolean validated = false;
-        if (principal != null) {
+        if (principal != null && credentials != null) {
             if (hasMessageDigest()) {
                 // Hex hashes should be compared case-insensitive
                 validated = (digest(credentials)
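Review bot: The added `credentials != null` is placed after the principal lookup rather than at the method entry as in DataSourceRealm and JDBCRealm, so the three realms now guard the same condition in two different shapes; the lookup is a map get here, so there is no cost issue, but the asymmetry invites a future edit to drop one of them. Whichever placement is kept, the rationale should be written down, since `validated = false` for null credentials looks like an arbitrary choice without it; suggest `// A null password must take the same path as an unknown user: a distinct failure (previously an NPE in digest/equals) let callers enumerate valid usernames (CVE-2009-0580)`. The enclosing authenticate method starts and ends outside the hunk, so I cannot confirm what else consumes `validated`.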




