[Git][java-team/tomcat9][bullseye] CVE-2021-30640: Fix NullPointerException

Tue Aug 10 17:29:12 BST 2021


Markus Koschany pushed to branch bullseye at Debian Java Maintainers / tomcat9


Commits:
641d5d5c by Markus Koschany at 2021-08-10T18:25:35+02:00
CVE-2021-30640: Fix NullPointerException

If no userRoleAttribute is specified in the user's Realm configuration its
default value will be null. This will cause a NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug

https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

- - - - -


1 changed file:

- debian/patches/CVE-2021-30640.patch


Changes:

=====================================
debian/patches/CVE-2021-30640.patch
=====================================
@@ -12,13 +12,13 @@ Origin: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899f
 Origin: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
 Origin: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
 ---
- java/org/apache/catalina/realm/JNDIRealm.java      | 137 +++++++++++++++++++--
+ java/org/apache/catalina/realm/JNDIRealm.java      | 143 +++++++++++++++++++--
  .../realm/TestJNDIRealmAttributeValueEscape.java   |  86 +++++++++++++
- 2 files changed, 213 insertions(+), 10 deletions(-)
+ 2 files changed, 219 insertions(+), 10 deletions(-)
  create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
 
 diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
-index 7e2d578..358d008 100644
+index 7e2d578..2a03307 100644
 --- a/java/org/apache/catalina/realm/JNDIRealm.java
 +++ b/java/org/apache/catalina/realm/JNDIRealm.java
 @@ -1633,8 +1633,11 @@ public class JNDIRealm extends RealmBase {
@@ -114,7 +114,7 @@ index 7e2d578..358d008 100644
                              isRoleSearchAsUser());
  
                      try {
-@@ -2823,10 +2842,36 @@ public class JNDIRealm extends RealmBase {
+@@ -2823,10 +2842,39 @@ public class JNDIRealm extends RealmBase {
       *     )  -> \29
       *     \  -> \5c
       *     \0 -> \00
@@ -148,10 +148,13 @@ index 7e2d578..358d008 100644
 +     * @return String the escaped/encoded result
 +     */
 +    protected String doFilterEscaping(String inString) {
++        if (inString == null) {
++            return null;
++        }
          StringBuilder buf = new StringBuilder(inString.length());
          for (int i = 0; i < inString.length(); i++) {
              char c = inString.charAt(i);
-@@ -2916,6 +2961,78 @@ public class JNDIRealm extends RealmBase {
+@@ -2916,6 +2964,81 @@ public class JNDIRealm extends RealmBase {
      }
  
  
@@ -163,6 +166,9 @@ index 7e2d578..358d008 100644
 +     * @return      The string representation of the attribute value
 +     */
 +    protected String doAttributeValueEscaping(String input) {
++        if (input == null) {
++            return null;
++        }
 +        int len = input.length();
 +        StringBuilder result = new StringBuilder();
 +



View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/641d5d5cd83773fe6b0191340b9538aad7c4c56e

-- 
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/641d5d5cd83773fe6b0191340b9538aad7c4c56e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20210810/43224355/attachment.htm>
