File apache-tomcat-CVE-2011-3375.patch of Package tomcat6
Index: apache-tomcat-6.0.33-src/java/org/apache/coyote/http11/Http11Processor.java
===================================================================
--- apache-tomcat-6.0.33-src.orig/java/org/apache/coyote/http11/Http11Processor.java 2011-08-16 14:26:14.000000000 +0200
+++ apache-tomcat-6.0.33-src/java/org/apache/coyote/http11/Http11Processor.java 2012-02-06 13:56:30.852513375 +0100
@@ -893,7 +893,7 @@
 log.error(sm.getString("http11processor.request.finish"), t);
 // 500 - Internal Server Error
 response.setStatus(500);
- adapter.log(request, response, 0);
+ // No access logging since after service method
 error = true;
 }
 try {
@@ -1201,7 +1201,6 @@
 " Unsupported HTTP version \""+protocolMB+"\"");
 }
 response.setStatus(505);
- adapter.log(request, response, 0);
 }
 MessageBytes methodMB = request.method();
@@ -1299,7 +1298,6 @@
 error = true;
 // 501 - Unimplemented
 response.setStatus(501);
- adapter.log(request, response, 0);
 }
 startPos = commaPos + 1;
 commaPos = transferEncodingValue.indexOf(',', startPos);
@@ -1315,7 +1313,6 @@
 " Unsupported transfer encoding \""+encodingName+"\"");
 }
 response.setStatus(501);
- adapter.log(request, response, 0);
 }
 }
@@ -1338,7 +1335,6 @@
 " host header missing");
 }
 response.setStatus(400);
- adapter.log(request, response, 0);
 }
 parseHost(valueMB);
@@ -1352,6 +1348,9 @@
 contentDelimitation = true;
 }
+ if (error) {
+ adapter.log(request, response, 0);
+ }
 }
@@ -1418,7 +1417,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 break;
 }
 port = port + (charValue * mult);
Index: apache-tomcat-6.0.33-src/java/org/apache/coyote/http11/Http11AprProcessor.java
===================================================================
--- apache-tomcat-6.0.33-src.orig/java/org/apache/coyote/http11/Http11AprProcessor.java 2011-08-16 14:26:14.000000000 +0200
+++ apache-tomcat-6.0.33-src/java/org/apache/coyote/http11/Http11AprProcessor.java 2012-02-06 13:56:30.853513409 +0100
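Review bot: The replacement comment in the -893 hunk, `// No access logging since after service method`, is too terse to tell a maintainer why the 500 is not logged, while the Http11AprProcessor and Http11NioProcessor versions of the same change spell it out. Use the same wording here: `// Can't add a 500 to the access log since that has already been` / `// written in the Adapter.service method.` The practical consequence is that a failure while finishing the request appears only in the error log via `log.error`, so anyone correlating access-log status codes should know the 500 will be absent. The enclosing try/catch begins above the hunk.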
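Review bot: The `if (error)` block added at the end of prepareRequest (hunk -1352) is now the only place where the 505, 501 and 400 rejections set earlier in the method reach the access log, and it carries no comment saying so. I would add `// Log rejected requests once, here; the individual error sites no longer call adapter.log()` above it. The body of prepareRequest lies mostly outside these hunks, so it is worth confirming that no `return` sits between an error site and this tail, since such a path would leave a rejected request with no access-log entry. The same tail block is added in Http11AprProcessor, Http11NioProcessor, AjpProcessor and AjpAprProcessor.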
@@ -972,8 +972,9 @@
 } catch (Throwable t) {
 log.error(sm.getString("http11processor.request.finish"), t);
 // 500 - Internal Server Error
+ // Can't add a 500 to the access log since that has already been
+ // written in the Adapter.service method.
 response.setStatus(500);
- adapter.log(request, response, 0);
 error = true;
 }
 try {
@@ -1327,7 +1328,6 @@
 error = true;
 // Send 505; Unsupported HTTP version
 response.setStatus(505);
- adapter.log(request, response, 0);
 }
 MessageBytes methodMB = request.method();
@@ -1425,7 +1425,6 @@
 error = true;
 // 501 - Unimplemented
 response.setStatus(501);
- adapter.log(request, response, 0);
 }
 startPos = commaPos + 1;
 commaPos = transferEncodingValue.indexOf(',', startPos);
@@ -1437,7 +1436,6 @@
 error = true;
 // 501 - Unimplemented
 response.setStatus(501);
- adapter.log(request, response, 0);
 }
 }
@@ -1456,7 +1454,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 }
 parseHost(valueMB);
@@ -1476,7 +1473,10 @@
 }
 // Advertise comet support through a request attribute
 request.setAttribute("org.apache.tomcat.comet.support", Boolean.TRUE);
-
+
+ if (error) {
+ adapter.log(request, response, 0);
+ }
 }
@@ -1539,7 +1539,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 break;
 }
 port = port + (charValue * mult);
Index: apache-tomcat-6.0.33-src/java/org/apache/coyote/http11/Http11NioProcessor.java
===================================================================
--- apache-tomcat-6.0.33-src.orig/java/org/apache/coyote/http11/Http11NioProcessor.java 2011-08-16 14:26:14.000000000 +0200
+++ apache-tomcat-6.0.33-src/java/org/apache/coyote/http11/Http11NioProcessor.java 2012-02-06 13:56:30.854513442 +0100
@@ -986,8 +986,9 @@
 } catch (Throwable t) {
 log.error(sm.getString("http11processor.request.finish"), t);
 // 500 - Internal Server Error
+ // Can't add a 500 to the access log since that has already been
+ // written in the Adapter.service method.
 response.setStatus(500);
- adapter.log(request, response, 0);
 error = true;
 }
 try {
@@ -1322,7 +1323,6 @@
 error = true;
 // Send 505; Unsupported HTTP version
 response.setStatus(505);
- adapter.log(request, response, 0);
 }
 MessageBytes methodMB = request.method();
@@ -1420,7 +1420,6 @@
 error = true;
 // 501 - Unimplemented
 response.setStatus(501);
- adapter.log(request, response, 0);
 }
 startPos = commaPos + 1;
 commaPos = transferEncodingValue.indexOf(',', startPos);
@@ -1432,7 +1431,6 @@
 error = true;
 // 501 - Unimplemented
 response.setStatus(501);
- adapter.log(request, response, 0);
 }
 }
@@ -1451,7 +1449,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 }
 parseHost(valueMB);
@@ -1473,6 +1470,9 @@
 // Advertise comet timeout support
 request.setAttribute("org.apache.tomcat.comet.timeout.support", Boolean.TRUE);
+ if (error) {
+ adapter.log(request, response, 0);
+ }
 }
@@ -1535,7 +1535,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 break;
 }
 port = port + (charValue * mult);
Index: apache-tomcat-6.0.33-src/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- apache-tomcat-6.0.33-src.orig/java/org/apache/coyote/ajp/AjpProcessor.java 2011-08-16 14:26:14.000000000 +0200
+++ apache-tomcat-6.0.33-src/java/org/apache/coyote/ajp/AjpProcessor.java 2012-02-06 13:56:30.854513442 +0100
@@ -443,15 +443,17 @@
 }
 // Setting up filters, and parse some request headers
- rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
- try {
- prepareRequest();
- } catch (Throwable t) {
- log.debug(sm.getString("ajpprocessor.request.prepare"), t);
- // 400 - Internal Server Error
- response.setStatus(400);
- adapter.log(request, response, 0);
- error = true;
+ if (!error) {
+ rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+ try {
+ prepareRequest();
+ } catch (Throwable t) {
+ log.debug(sm.getString("ajpprocessor.request.prepare"), t);
+ // 400 - Internal Server Error
+ response.setStatus(400);
+ adapter.log(request, response, 0);
+ error = true;
+ }
 }
 // Process the request in the adapter
@@ -842,7 +844,6 @@
 secret = true;
 if (!tmpMB.equals(requiredSecret)) {
 response.setStatus(403);
- adapter.log(request, response, 0);
 error = true;
 }
 }
@@ -859,7 +860,6 @@
 // Check if secret was submitted if required
 if ((requiredSecret != null) && !secret) {
 response.setStatus(403);
- adapter.log(request, response, 0);
 error = true;
 }
@@ -893,6 +893,9 @@
 MessageBytes valueMB = request.getMimeHeaders().getValue("host");
 parseHost(valueMB);
+ if (error) {
+ adapter.log(request, response, 0);
+ }
 }
@@ -908,7 +911,6 @@
 request.serverName().duplicate(request.localName());
 } catch (IOException e) {
 response.setStatus(400);
- adapter.log(request, response, 0);
 error = true;
 }
 return;
@@ -960,7 +962,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 break;
 }
 port = port + (charValue * mult);
Index: apache-tomcat-6.0.33-src/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- apache-tomcat-6.0.33-src.orig/java/org/apache/coyote/ajp/AjpAprProcessor.java 2011-08-16 14:26:14.000000000 +0200
+++ apache-tomcat-6.0.33-src/java/org/apache/coyote/ajp/AjpAprProcessor.java 2012-02-06 13:56:30.855513476 +0100
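Review bot: The catch block kept in the -443 hunk still overwrites the status with `response.setStatus(400)` before calling `adapter.log(...)`, so a request that prepareRequest had already marked 403 for a wrong or missing `requiredSecret` (hunks -842 and -859) would be recorded as 400 if a later parsing step throws before the new tail logging is reached. Whether anything after the secret check can throw is not visible here, but the access log is where a rejected AJP secret needs to stay recognisable. Consider preserving a status that is already set, for example `if (!error) { response.setStatus(400); }`, assuming `error` is the same field prepareRequest sets. The re-indented comment `// 400 - Internal Server Error` also mislabels the code and should read `// 400 - Bad Request`. AjpAprProcessor carries an identical block.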
@@ -426,15 +426,17 @@
 }
 // Setting up filters, and parse some request headers
- rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
- try {
- prepareRequest();
- } catch (Throwable t) {
- log.debug(sm.getString("ajpprocessor.request.prepare"), t);
- // 400 - Internal Server Error
- response.setStatus(400);
- adapter.log(request, response, 0);
- error = true;
+ if (!error) {
+ rp.setStage(org.apache.coyote.Constants.STAGE_PREPARE);
+ try {
+ prepareRequest();
+ } catch (Throwable t) {
+ log.debug(sm.getString("ajpprocessor.request.prepare"), t);
+ // 400 - Internal Server Error
+ response.setStatus(400);
+ adapter.log(request, response, 0);
+ error = true;
+ }
 }
 // Process the request in the adapter
@@ -837,7 +839,6 @@
 secret = true;
 if (!tmpMB.equals(requiredSecret)) {
 response.setStatus(403);
- adapter.log(request, response, 0);
 error = true;
 }
 }
@@ -854,7 +855,6 @@
 // Check if secret was submitted if required
 if ((requiredSecret != null) && !secret) {
 response.setStatus(403);
- adapter.log(request, response, 0);
 error = true;
 }
@@ -888,6 +888,9 @@
 MessageBytes valueMB = request.getMimeHeaders().getValue("host");
 parseHost(valueMB);
+ if (error) {
+ adapter.log(request, response, 0);
+ }
 }
@@ -903,7 +906,6 @@
 request.serverName().duplicate(request.localName());
 } catch (IOException e) {
 response.setStatus(400);
- adapter.log(request, response, 0);
 error = true;
 }
 return;
@@ -955,7 +957,6 @@
 error = true;
 // 400 - Bad request
 response.setStatus(400);
- adapter.log(request, response, 0);
 break;
 }
 port = port + (charValue * mult);
Index: apache-tomcat-6.0.33-src/java/org/apache/catalina/connector/CoyoteAdapter.java
===================================================================
--- apache-tomcat-6.0.33-src.orig/java/org/apache/catalina/connector/CoyoteAdapter.java 2011-08-16 14:26:14.000000000 +0200
+++ apache-tomcat-6.0.33-src/java/org/apache/catalina/connector/CoyoteAdapter.java 2012-02-06 13:56:30.855513476 +0100
@@ -24,6 +24,7 @@
 import org.apache.catalina.CometEvent;
 import org.apache.catalina.Context;
 import org.apache.catalina.Globals;
+import org.apache.catalina.Host;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.util.StringManager;
 import org.apache.catalina.util.ServerInfo;
@@ -32,6 +33,7 @@
 import org.apache.coyote.Adapter;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.CharChunk;
@@ -342,10 +344,8 @@
 Request request = (Request) req.getNote(ADAPTER_NOTES);
 Response response = (Response) res.getNote(ADAPTER_NOTES);
- boolean create = false;
 if (request == null) {
- create = true;
 // Create objects
 request = connector.createRequest();
 request.setCoyoteRequest(req);
@@ -365,10 +365,29 @@
 (connector.getURIEncoding());
 }
- connector.getService().getContainer().logAccess(
- request, response, time, true);
-
- if (create) {
+ try {
+ // Log at the lowest level available. logAccess() will be
+ // automatically called on parent containers.
+ boolean logged = false;
+ if (request.mappingData != null) {
+ if (request.mappingData.context != null) {
+ logged = true;
+ ((Context) request.mappingData.context).logAccess(
+ request, response, time, true);
+ } else if (request.mappingData.host != null) {
+ logged = true;
+ ((Host) request.mappingData.host).logAccess(
+ request, response, time, true);
+ }
+ }
+ if (!logged) {
+ connector.getService().getContainer().logAccess(
+ request, response, time, true);
+ }
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.warn(sm.getString("coyoteAdapter.accesslogFail"), t);
+ } finally {
 request.recycle();
 response.recycle();
 }
Index: apache-tomcat-6.0.33-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-6.0.33-src.orig/webapps/docs/changelog.xml 2012-02-06 13:56:30.837512868 +0100
+++ apache-tomcat-6.0.33-src/webapps/docs/changelog.xml 2012-02-06 13:56:30.857513544 +0100
@@ -606,6 +606,12 @@
 application's class loader such as the Jasper class loader. Patch provided by Sylvain Laurent. (kkolinko)
 </add>
+ <fix>
+ <bug>51872</bug>: Ensure that the access log always uses the correct
+ value for the remote IP address associated with the request and that
+ requests with multiple errors do not result in multiple entries in
+ the access log. (markt)
+ </fix>
 <add>
 <bug>48973</bug>: Avoid creating a SESSIONS.ser file when stopping an application if there's no session. Patch provided by Marc Guillemot.
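Review bot: The new catch path in CoyoteAdapter's logging method (hunk -365) relies on two things that no hunk of this patch provides: the class `org.apache.tomcat.util.ExceptionUtils` imported in the -32 hunk and the message key `coyoteAdapter.accesslogFail`. Both have to exist already in the 6.0.33 tree; if the class is missing the build fails, and if the key is missing the warning logged on an access-log failure will not carry a useful message, so confirm against the package's LocalStrings resources. Separately, the `finally` that now recycles unconditionally is the core of the fix and deserves a comment, e.g. `// Always recycle so state populated for access logging cannot carry over to another request`. The method's signature and end lie outside the hunks.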