This is an automated email from the ASF dual-hosted git repository. rzo1 pushed a commit to branch tomee-9.x in repository https://gitbox.apache.org/repos/asf/tomee.git
commit bb5d3f8a73408a8327246d5ef4ffdab1ca5d5610 Author: Richard Zowalla <[email protected]> AuthorDate: Tue Apr 18 13:34:29 2023 +0200 Patches Tomcat 10.0.27 for CVE-2023-28708 by applying the changeset from https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b --- .../src/patch/java/org/apache/catalina/Globals.java | 7 +++++++ .../patch/java/org/apache/catalina/connector/Request.java | 14 ++++++++++++++ .../java/org/apache/catalina/filters/RemoteIpFilter.java | 7 +------ 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java b/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java index 916dd38e1c..c56a177d38 100644 --- a/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java +++ b/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java @@ -111,6 +111,13 @@ public final class Globals { public static final String SENDFILE_SUPPORTED_ATTR = org.apache.coyote.Constants.SENDFILE_SUPPORTED_ATTR; + /** + * The request attribute that is set to the value of {@code Boolean.TRUE} + * if {@link org.apache.catalina.filters.RemoteIpFilter} determines + * that this request was submitted via a secure channel. + */ + public static final String REMOTE_IP_FILTER_SECURE = "org.apache.catalina.filters.RemoteIpFilter.secure"; + /** * The request attribute that can be used by a servlet to pass * to the connector the name of the file that is to be served diff --git a/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java b/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java index 55e7e677fa..5f0b56e826 100644 --- a/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java +++ b/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java @@ -3585,5 +3585,19 @@ public class Request implements HttpServletRequest { // NO-OP } }); + specialAttributes.put(Globals.REMOTE_IP_FILTER_SECURE, + new SpecialAttributeAdapter() { + @Override + public Object get(Request request, String name) { + return Boolean.valueOf(request.isSecure()); + } + + @Override + public void set(Request request, String name, Object value) { + if (value instanceof Boolean) { + request.setSecure(((Boolean) value).booleanValue()); + } + } + }); } } diff --git a/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java b/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java index 75b5404dc9..732300a359 100644 --- a/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -584,11 +584,6 @@ public class RemoteIpFilter extends GenericFilter { return serverPort; } - @Override - public boolean isSecure() { - return secure; - } - public void removeHeader(String name) { Map.Entry<String, List<String>> header = getHeaderEntry(name); if (header != null) { @@ -628,7 +623,7 @@ public class RemoteIpFilter extends GenericFilter { } public void setSecure(boolean secure) { - this.secure = secure; + super.getRequest().setAttribute(Globals.REMOTE_IP_FILTER_SECURE, Boolean.valueOf(secure)); } public void setServerName(String serverName) {
