File axis-CVE-2023-51441.patch of Package axis

Overview Repositories Revisions Requests Users Attributes Meta

File axis-CVE-2023-51441.patch of Package axis

Index: axis-1_4/src/org/apache/axis/client/ServiceFactory.java
===================================================================
--- axis-1_4.orig/src/org/apache/axis/client/ServiceFactory.java
+++ axis-1_4/src/org/apache/axis/client/ServiceFactory.java
@@ -17,9 +17,11 @@
 package org.apache.axis.client;
 
 import org.apache.axis.EngineConfiguration;
+import org.apache.axis.components.logger.LogFactory;
 import org.apache.axis.configuration.EngineConfigurationFactoryFinder;
 import org.apache.axis.utils.ClassUtils;
 import org.apache.axis.utils.Messages;
+import org.apache.commons.logging.Log;
 
 import javax.naming.Context;
 import javax.naming.InitialContext;
@@ -47,6 +49,9 @@ import java.util.Properties;
 public class ServiceFactory extends javax.xml.rpc.ServiceFactory
         implements ObjectFactory
 {
+    protected static Log log =
+        LogFactory.getLog(ServiceFactory.class.getName());
+
     // Constants for RefAddrs in the Reference.
     public static final String SERVICE_CLASSNAME  = "service classname";
     public static final String WSDL_LOCATION      = "WSDL location";
@@ -106,6 +111,11 @@ public class ServiceFactory extends java
         
         if (context != null) {
             String name = (String)environment.get("jndiName");
+
+	    if(name!=null && (name.toUpperCase().indexOf("LDAP")!=-1 || name.toUpperCase().indexOf("RMI")!=-1 || name.toUpperCase().indexOf("JMS")!=-1 || name.toUpperCase().indexOf("JMX")!=-1) || name.toUpperCase().indexOf("JRMP")!=-1 || name.toUpperCase().indexOf("JAVA")!=-1 || name.toUpperCase().indexOf("DNS")!=-1 || name.toUpperCase().indexOf("IIOP")!=-1 || name.toUpperCase().indexOf("CORBANAME")!=-1) {
+                log.warn("returning null, jndiName received by ServiceFactory.getService() is not supported by this method: " + name);
+	        return null;
+            }
             if (name == null) {
                 name = "axisServiceName";
             }
@@ -120,6 +130,7 @@ public class ServiceFactory extends java
                     context.bind(name, service);
                 } catch (NamingException e1) {
                     // !!! Couldn't do it, what should we do here?
+	            return null;
                 }
             }
         } else {

Places

File axis-CVE-2023-51441.patch of Package axis

Places