This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch master
in repository lucene-solr.
commit 4e5f8a68c6a05d98dd90ee5d3d731e2445c9313a
Author: Markus Koschany <a...@debian.org>
Date: Sun Jan 14 00:54:38 2018 +0100
Fix CVE-2017-3163
---
debian/patches/CVE-2017-3163.patch | 50 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 51 insertions(+)
diff --git a/debian/patches/CVE-2017-3163.patch
b/debian/patches/CVE-2017-3163.patch
new file mode 100644
index 0000000..a5140ff
--- /dev/null
+++ b/debian/patches/CVE-2017-3163.patch
@@ -0,0 +1,50 @@
+Description: Validation of filename params in ReplicationHandler
+ This is a backport of upstream patch available in commit
+ ae789c252687dc8a18bfdb677f2e6cd14570e4db made by janhoy <jan...@apache.org>
+Author: Lucas Kanashiro <kanash...@debian.org>
+Last-Updated: 2017-07-21
+
+--- a/solr/core/src/java/org/apache/solr/handler/ReplicationHandler.java
++++ b/solr/core/src/java/org/apache/solr/handler/ReplicationHandler.java
+@@ -42,6 +42,8 @@
+ import java.io.*;
+ import java.nio.ByteBuffer;
+ import java.nio.channels.FileChannel;
++import java.nio.file.Path;
++import java.nio.file.Paths;
+ import java.text.NumberFormat;
+ import java.util.*;
+ import java.util.concurrent.locks.ReentrantLock;
+@@ -1010,8 +1012,8 @@
+ }
+
+ public void write(OutputStream out) throws IOException {
+- String fileName = params.get(FILE);
+- String cfileName = params.get(CONF_FILE_SHORT);
++ String fileName = validateFilenameOrError(params.get(FILE));
++ String cfileName = validateFilenameOrError(params.get(CONF_FILE_SHORT));
+ String sOffset = params.get(OFFSET);
+ String sLen = params.get(LEN);
+ String compress = params.get(COMPRESSION);
+@@ -1091,6 +1093,21 @@
+ }
+ }
+
++ // Throw exception on directory traversal attempts
++ protected String validateFilenameOrError(String filename) {
++ if (filename != null) {
++ Path filePath = Paths.get(filename);
++ for (Path subpath : filePath) {
++ if ("..".equals(subpath.toString())) {
++ throw new SolrException(ErrorCode.FORBIDDEN, "File name cannot
contain ..");
++ }
++ }
++ if (filePath.isAbsolute()) {
++ throw new SolrException(ErrorCode.FORBIDDEN, "File name must be
relative");
++ }
++ return filename;
++ } else return null;
++ }
+
+ /**
+ * Used to write a marker for EOF
diff --git a/debian/patches/series b/debian/patches/series
index 133e43c..efe950d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ commons-codec-compatibility.patch
java8-compatibility.patch
CVE-2017-12629.patch
remove-RunExecutableListener.patch
+CVE-2017-3163.patch
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-java/lucene-solr.git
_______________________________________________
pkg-java-commits mailing list
pkg-java-comm...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
