[Git][java-team/tomcat9][buster] CVE-2021-30640: Fix NullPointerException

Markus Koschany (@apo) gitlab at salsa.debian.org
Tue Aug 10 17:31:32 BST 2021



Markus Koschany pushed to branch buster at Debian Java Maintainers / tomcat9


Commits:
c6ee4323 by Markus Koschany at 2021-08-10T18:30:55+02:00
CVE-2021-30640: Fix NullPointerException

If no userRoleAttribute is specified in the user's Realm configuration, its
default value will be null. This will cause an NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug

https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

- - - - -
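The two methods the commit guards are the RFC 4515 search-filter escaper (the table visible in the patch: * -> \2a, ( -> \28, ) -> \29, \ -> \5c, NUL -> \00) and the RFC 4514 attribute-value escaper. The following Python is an added illustration, not Tomcat's code or the patch itself: it implements both escapers with the same null guard, then shows on a constructed hostile username why the escaping exists and what the null path now returns. All function and variable names below are my own; the hex \XX form used for the DN escaper is one of the encodings RFC 4514 permits and is not a claim about how JNDIRealm encodes.

```python
# Added example, not Tomcat's code: RFC 4515 filter escaping and RFC 4514
# attribute-value escaping in Python, with the same null guard the patch adds.
# Function and variable names here are my own choices, not Tomcat identifiers.
from typing import Optional

# Characters that must be escaped inside an LDAP search filter (RFC 4515):
#   *  -> \2a   (  -> \28   )  -> \29   \  -> \5c   NUL -> \00
_FILTER_SPECIALS = "*()\\\x00"

# Characters that must be escaped inside a DN attribute value (RFC 4514),
# plus a leading '#' and a leading or trailing space, handled by position.
_DN_SPECIALS = '"+,;<>\\\x00'


def filter_escape(value: Optional[str]) -> Optional[str]:
    """Escape one value for interpolation into an LDAP search filter.

    A None input returns None, mirroring the patch: a realm whose
    userRoleAttribute is unset must not fail with an NPE here.
    """
    if value is None:
        return None
    return "".join(
        "\\%02x" % ord(ch) if ch in _FILTER_SPECIALS else ch for ch in value
    )


def attribute_value_escape(value: Optional[str]) -> Optional[str]:
    """Escape one value for use as an attribute value inside a DN.

    Uses the backslash-plus-two-hex-digits form, which RFC 4514 allows for
    every escaped octet.
    """
    if value is None:
        return None
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        special = (
            ch in _DN_SPECIALS
            or (ch == "#" and i == 0)
            or (ch == " " and (i == 0 or i == last))
        )
        out.append("\\%02x" % ord(ch) if special else ch)
    return "".join(out)


def user_search_filter(pattern: str, username: Optional[str]) -> Optional[str]:
    """Fill a userSearch-style pattern ('{0}' placeholder) with an escaped name.

    Returns None when no username is available, so the caller can skip the
    search instead of searching for the literal string "None".
    """
    escaped = filter_escape(username)
    if escaped is None:
        return None
    return pattern.replace("{0}", escaped)


def injection_comparison() -> dict:
    """Show why the escaping exists, on a constructed hostile username."""
    # Constructed sample input: a name that closes the uid term and opens a
    # second one, so an unescaped interpolation hands the server filter
    # syntax the realm never intended. After escaping it is a literal match.
    hostile = "*)(uid=*"
    pattern = "(uid={0})"
    return {
        # raw interpolation, i.e. what happens with no escaping at all
        "unescaped": pattern.replace("{0}", hostile),
        "escaped": user_search_filter(pattern, hostile),
        # the null path the patch fixes: no attribute configured
        "missing": user_search_filter(pattern, None),
    }


if __name__ == "__main__":
    for k, v in injection_comparison().items():
        print(f"{k:10s} {v!r}")
```

Note that returning None from the escaper only moves the problem one step: whatever builds the filter or DN from the result still has to treat None as "nothing to search for" rather than concatenating it, which is what user_search_filter does above.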


1 changed file:

- debian/patches/CVE-2021-30640.patch


Changes:

=====================================
debian/patches/CVE-2021-30640.patch
=====================================
@@ -12,13 +12,13 @@ Origin: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899f
 Origin: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0
 Origin: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945
 ---
- java/org/apache/catalina/realm/JNDIRealm.java      | 139 +++++++++++++++++++--
- .../realm/TestJNDIRealmAttributeValueEscape.java   |  86 +++++++++++++
- 2 files changed, 214 insertions(+), 11 deletions(-)
+ java/org/apache/catalina/realm/JNDIRealm.java      | 145 +++++++++++++++++++--
+ .../realm/TestJNDIRealmAttributeValueEscape.java   |  86 ++++++++++++
+ 2 files changed, 220 insertions(+), 11 deletions(-)
  create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
 
 diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
-index 26c97f1..1cc524a 100644
+index 26c97f1..3203849 100644
 --- a/java/org/apache/catalina/realm/JNDIRealm.java
 +++ b/java/org/apache/catalina/realm/JNDIRealm.java
 @@ -1619,8 +1619,11 @@ public class JNDIRealm extends RealmBase {
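Review bot: the updated diffstat still lists test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java at 86 lines (+86), unchanged, while JNDIRealm.java grows from 139 to 145 lines for the two 3-line null guards; the new null-input path therefore has no regression test. Suggest extending the test file with a case that passes null to doFilterEscaping and doAttributeValueEscaping and asserts null comes back, so the NPE described in the commit message cannot quietly return.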
@@ -116,7 +116,7 @@ index 26c97f1..1cc524a 100644
                              isRoleSearchAsUser());
  
                      try {
-@@ -2704,10 +2723,36 @@ public class JNDIRealm extends RealmBase {
+@@ -2704,10 +2723,39 @@ public class JNDIRealm extends RealmBase {
       *     )  -> \29
       *     \  -> \5c
       *     \0 -> \00
@@ -150,10 +150,13 @@ index 26c97f1..1cc524a 100644
 +     * @return String the escaped/encoded result
 +     */
 +    protected String doFilterEscaping(String inString) {
++        if (inString == null) {
++            return null;
++        }
          StringBuilder buf = new StringBuilder(inString.length());
          for (int i = 0; i < inString.length(); i++) {
              char c = inString.charAt(i);
-@@ -2797,6 +2842,78 @@ public class JNDIRealm extends RealmBase {
+@@ -2797,6 +2845,81 @@ public class JNDIRealm extends RealmBase {
      }
  
  
@@ -165,6 +168,9 @@ index 26c97f1..1cc524a 100644
 +     * @return      The string representation of the attribute value
 +     */
 +    protected String doAttributeValueEscaping(String input) {
++        if (input == null) {
++            return null;
++        }
 +        int len = input.length();
 +        StringBuilder result = new StringBuilder();
 +



View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/c6ee4323957e6171451affc7c2927d168677bb3f
