[tomcat7] 01/03: Add BZ57544-infinite-loop-part2.patch

Wed, 22 Feb 2017 11:17:44 -0800 

This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch wheezy
in repository tomcat7.

commit 96c55c2f05c1ae5ec8de029a4c0823ebdc5bcdb0
Author: Markus Koschany <[email protected]>
Date:   Sat Feb 18 18:06:29 2017 +0000

    Add BZ57544-infinite-loop-part2.patch
    
    and fix regression due to an incomplete fix for CVE-2017-6056
---
 debian/patches/BZ57544-infinite-loop-part2.patch | 25 ++++++++++++++++++++++++
 debian/patches/series                            |  1 +
 2 files changed, 26 insertions(+)

diff --git a/debian/patches/BZ57544-infinite-loop-part2.patch 
b/debian/patches/BZ57544-infinite-loop-part2.patch
new file mode 100644
index 0000000..50e5414
--- /dev/null
+++ b/debian/patches/BZ57544-infinite-loop-part2.patch
@@ -0,0 +1,25 @@
+From: Markus Koschany <[email protected]>
+Date: Sat, 18 Feb 2017 18:04:45 +0000
+Subject: BZ57544-infinite-loop-part2
+
+---
+ java/org/apache/coyote/http11/AbstractInputBuffer.java | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/java/org/apache/coyote/http11/AbstractInputBuffer.java 
b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+index 5d54a05..a5a16b7 100644
+--- a/java/org/apache/coyote/http11/AbstractInputBuffer.java
++++ b/java/org/apache/coyote/http11/AbstractInputBuffer.java
+@@ -222,9 +222,10 @@ public abstract class AbstractInputBuffer<S> implements 
InputBuffer{
+         // Copy leftover bytes to the beginning of the buffer
+         if (lastValid - pos > 0 && pos > 0) {
+             System.arraycopy(buf, pos, buf, 0, lastValid - pos);
+-            lastValid = lastValid - pos;
+-            pos = 0;
+         }
++        // Always reset pos to zero
++        lastValid = lastValid - pos;
++        pos = 0;
+ 
+         // Recycle filters
+         for (int i = 0; i <= lastActiveFilter; i++) {
diff --git a/debian/patches/series b/debian/patches/series
index e32d3bc..0377f0a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -48,3 +48,4 @@ CVE-2016-5018-part2.patch
 CVE-2016-6797-part2.patch
 CVE-2016-8745.patch
 BZ57544-infinite-loop.patch
+BZ57544-infinite-loop-part2.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-java/tomcat7.git

_______________________________________________
pkg-java-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits

Reply via email to