Markus Koschany pushed to branch buster at Debian Java Maintainers / tomcat9
Commits: c6ee4323 by Markus Koschany at 2021-08-10T18:30:55+02:00 CVE-2021-30640: Fix NullPointerException If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 - - - - - 1 changed file: - debian/patches/CVE-2021-30640.patch Changes: ===================================== debian/patches/CVE-2021-30640.patch ===================================== @@ -12,13 +12,13 @@ Origin: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899f Origin: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 Origin: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 --- - java/org/apache/catalina/realm/JNDIRealm.java | 139 +++++++++++++++++++-- - .../realm/TestJNDIRealmAttributeValueEscape.java | 86 +++++++++++++ - 2 files changed, 214 insertions(+), 11 deletions(-) + java/org/apache/catalina/realm/JNDIRealm.java | 145 +++++++++++++++++++-- + .../realm/TestJNDIRealmAttributeValueEscape.java | 86 ++++++++++++ + 2 files changed, 220 insertions(+), 11 deletions(-) create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java -index 26c97f1..1cc524a 100644 +index 26c97f1..3203849 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1619,8 +1619,11 @@ public class JNDIRealm extends RealmBase { @@ -116,7 +116,7 @@ index 26c97f1..1cc524a 100644 isRoleSearchAsUser()); try { -@@ -2704,10 +2723,36 @@ public class JNDIRealm extends RealmBase { +@@ -2704,10 +2723,39 @@ public class JNDIRealm extends RealmBase { * ) -> \29 * \ -> \5c * \0 -> \00 
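Review bot: The DEP-3 header of debian/patches/CVE-2021-30640.patch still lists only the three original upstream commits in its `Origin:` lines (visible as context at the top of `@@ -12,13 +12,13 @@`), while the null-check hunks now folded into the patch come from the separate upstream fix for bug 65308 that the commit message cites, so the header gives no trace of that second source. Add a line such as `Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308` next to the existing `Origin:` lines, and a further `Origin: <UPSTREAM-COMMIT-URL-FOR-BUG-65308>` line if the commit is known, so the backport can be audited against upstream. The diffstat and `index` updates in this hunk and the hunk-header renumbering in `@@ -116,7 +116,7 @@` are consistent with the six lines the later hunks add.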
@@ -150,10 +150,13 @@ index 26c97f1..1cc524a 100644 + * @return String the escaped/encoded result + */ + protected String doFilterEscaping(String inString) { ++ if (inString == null) { ++ return null; ++ } StringBuilder buf = new StringBuilder(inString.length()); for (int i = 0; i < inString.length(); i++) { char c = inString.charAt(i); -@@ -2797,6 +2842,78 @@ public class JNDIRealm extends RealmBase { +@@ -2797,6 +2845,81 @@ public class JNDIRealm extends RealmBase { } @@ -165,6 +168,9 @@ index 26c97f1..1cc524a 100644 + * @return The string representation of the attribute value + */ + protected String doAttributeValueEscaping(String input) { ++ if (input == null) { ++ return null; ++ } + int len = input.length(); + StringBuilder result = new StringBuilder(); + View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/c6ee4323957e6171451affc7c2927d168677bb3f -- View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/c6ee4323957e6171451affc7c2927d168677bb3f You're receiving this email because of your account on salsa.debian.org.
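Review bot: The added null guards in `doFilterEscaping` (`@@ -150,10 +150,13 @@`) and `doAttributeValueEscaping` (`@@ -165,6 +168,9 @@`) return `null` for a `null` input, but the Javadoc `@return` lines that appear as context in both hunks still promise a plain String result; document the new contract, e.g. `@return the escaped/encoded result, or {@code null} if the input is {@code null}`, in both methods. The guard is needed because the very next lines (`inString.length()` and `input.length()`) dereference the argument, but since these methods exist to escape data before it is placed into an LDAP filter or DN, their callers, which lie outside both hunks, must treat a `null` return as "attribute not configured" and skip the lookup rather than concatenate it into a filter string — presumably that is already the case when `userRoleAttribute` is unset, but it should be confirmed in the Realm code rather than assumed here. Both method bodies continue past the end of their hunks.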

