Author: ozeigermann Date: Thu Nov 1 05:26:24 2007 New Revision: 590976 URL: http://svn.apache.org/viewvc?rev=590976&view=rev Log: Quick-fix for security issue raised here
www.milw0rm.com/exploits/4567 Modified: jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java Modified: jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java URL: http://svn.apache.org/viewvc/jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java?rev=590976&r1=590975&r2=590976&view=diff ============================================================================== --- jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java (original) +++ jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java Thu Nov 1 05:26:24 2007 @@ -303,7 +303,10 @@ * if parsing the request failed or if the request is not valid. */ private void parseOwner(Element ownerElement) throws JDOMException { + lockInfo_lockOwner = DEFAULT_LOCK_OWNER; + // ozeigermann, 1. November 2007: Had to disable this part due to an exploit caused by JDOM (as it seems): http://www.milw0rm.com/exploits/4567 + /* if (ownerElement == null) { lockInfo_lockOwner = DEFAULT_LOCK_OWNER; return; @@ -326,6 +329,7 @@ //throw new JDOMException("<"+E_OWNER+"> element must not be // empty"); } + */ } /** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
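Review bot: Assigning `lockInfo_lockOwner = DEFAULT_LOCK_OWNER;` unconditionally at the top of parseOwner and commenting out the rest of the body stops the client-supplied owner from being stored, but it does not change how the LOCK request body is parsed. If the linked issue comes from the XML parser resolving a DOCTYPE or external entities (inferred from the commit comment; the parser setup is not in this diff), the document is still expanded before this method runs, and other methods that parse request XML may remain exposed. The durable fix would sit on the parser that builds the request document, for example `builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` or `builder.setExpandEntities(false);` on the JDOM SAXBuilder, after which owner parsing could be restored. As written, every lock is recorded with the default owner, `ownerElement` is unused, and the Javadoc above still promises a JDOMException on invalid input; a short comment such as `// owner from the request is ignored until entity expansion is disabled in the parser` would make that explicit. The disabled code between `/*` in the first hunk and `*/` in the second would be better deleted than kept in a block comment, since the revision history already holds it.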