Markus Koschany pushed to branch stretch at Debian Java Maintainers / tomcat8
Commits: 45148fa6 by Markus Koschany at 2021-08-11T16:46:45+02:00 CVE-2021-30640: Fix NullPointerException If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 - - - - - 1 changed file: - debian/patches/CVE-2021-30640.patch Changes: ===================================== debian/patches/CVE-2021-30640.patch ===================================== @@ -12,13 +12,13 @@ Origin: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d1 Origin: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 Origin: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 --- - java/org/apache/catalina/realm/JNDIRealm.java | 134 +++++++++++++++++++-- + java/org/apache/catalina/realm/JNDIRealm.java | 140 +++++++++++++++++++-- .../realm/TestJNDIRealmAttributeValueEscape.java | 86 +++++++++++++ - 2 files changed, 210 insertions(+), 10 deletions(-) + 2 files changed, 216 insertions(+), 10 deletions(-) create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java -index 387198b..994f895 100644 +index 387198b..e57be55 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1627,8 +1627,11 @@ public class JNDIRealm extends RealmBase { @@ -111,7 +111,7 @@ index 387198b..994f895 100644 isRoleSearchAsUser()); try { -@@ -2719,10 +2735,36 @@ public class JNDIRealm extends RealmBase { +@@ -2719,10 +2735,39 @@ public class JNDIRealm extends RealmBase { * ) -> \29 * \ -> \5c * \0 -> \00 
@@ -145,10 +145,13 @@ index 387198b..994f895 100644 + * @return String the escaped/encoded result + */ + protected String doFilterEscaping(String inString) { ++ if (inString == null) { ++ return null; ++ } StringBuilder buf = new StringBuilder(inString.length()); for (int i = 0; i < inString.length(); i++) { char c = inString.charAt(i); -@@ -2812,6 +2854,78 @@ public class JNDIRealm extends RealmBase { +@@ -2812,6 +2857,81 @@ public class JNDIRealm extends RealmBase { } @@ -160,6 +163,9 @@ index 387198b..994f895 100644 + * @return The string representation of the attribute value + */ + protected String doAttributeValueEscaping(String input) { ++ if (input == null) { ++ return null; ++ } + int len = input.length(); + StringBuilder result = new StringBuilder(); + View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/45148fa66427c391e8dbfb0c01e0355bfc37f595 -- View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/45148fa66427c391e8dbfb0c01e0355bfc37f595 You're receiving this email because of your account on salsa.debian.org.
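Review bot: The early `return null` added to doFilterEscaping changes the method's contract, but the Javadoc line visible just above it still reads `@return String the escaped/encoded result`; the same gap applies to the identical guard added to doAttributeValueEscaping in the next hunk. I would document the null case on both methods, e.g. `@return the escaped/encoded result, or {@code null} if {@code inString} is {@code null}`. The callers lie outside these hunks, so it is worth confirming how they handle the null: if the value is handed to a formatter when the LDAP filter is built, it would presumably be rendered as the literal text "null" rather than omitted. Both method bodies continue past the end of their hunks.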
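Review bot: No regression test accompanies the null guard in doAttributeValueEscaping. The updated diffstat in this patch still lists TestJNDIRealmAttributeValueEscape.java at 86 lines, and only the JNDIRealm.java count moves, from 134 to 140. A case that passes null and expects null back would pin the fix for the unset userRoleAttribute configuration, something like `Assert.assertNull(new JNDIRealm().doAttributeValueEscaping(null));`, with a matching assertion for doFilterEscaping. The test class is not visible here, so the exact form depends on how it is structured.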

