File tomcat-9.0-CVE-2020-17527.patch of Package tomcat.28365

Overview Repositories Revisions Requests Users Attributes Meta

File tomcat-9.0-CVE-2020-17527.patch of Package tomcat.28365

From d56293f816d6dc9e2b47107f208fa9e95db58c65 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 9 Nov 2020 19:23:12 +0000
Subject: [PATCH] Fix BZ 64830 - concurrency issue in HPACK decoder

https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
---
 java/org/apache/coyote/http2/HpackDecoder.java | 12 ++++--------
 webapps/docs/changelog.xml                     |  3 +++
 2 files changed, 7 insertions(+), 8 deletions(-)

Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/HpackDecoder.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/HpackDecoder.java
+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/HpackDecoder.java
@@ -73,8 +73,6 @@ public class HpackDecoder {
     private volatile boolean countedCookie;
     private volatile int headerSize = 0;
 
-    private final StringBuilder stringBuilder = new StringBuilder();
-
     HpackDecoder(int maxMemorySize) {
         this.maxMemorySizeHard = maxMemorySize;
         this.maxMemorySizeSoft = maxMemorySize;
@@ -223,19 +221,17 @@ public class HpackDecoder {
         if (huffman) {
             return readHuffmanString(length, buffer);
         }
+        StringBuilder stringBuilder = new StringBuilder(length);
         for (int i = 0; i < length; ++i) {
             stringBuilder.append((char) buffer.get());
         }
-        String ret = stringBuilder.toString();
-        stringBuilder.setLength(0);
-        return ret;
+        return stringBuilder.toString();
     }
 
     private String readHuffmanString(int length, ByteBuffer buffer) throws HpackException {
+        StringBuilder stringBuilder = new StringBuilder(length);
         HPackHuffman.decode(buffer, length, stringBuilder);
-        String ret = stringBuilder.toString();
-        stringBuilder.setLength(0);
-        return ret;
+        return stringBuilder.toString();
     }
 
     private String handleIndexedHeaderName(int index) throws HpackException {
Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
@@ -130,6 +130,9 @@
         Include the target URL in the log message when a WebSocket connection
         fails. (markt)
       </add>
+      <fix>
+        <bug>64830</bug>: Fix concurrency issue in HPACK decoder. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

Places

File tomcat-9.0-CVE-2020-17527.patch of Package tomcat.28365

Places