[pkg-java] r7110 - in branches/tomcat5.5/5.5.26-2-security: container/catalina/src/share/org/apache/catalina/core debian

marcusb-guest at alioth.debian.org marcusb-guest at alioth.debian.org
Sat Oct 4 22:50:07 UTC 2008


Author: marcusb-guest
Date: 2008-10-04 22:50:07 +0000 (Sat, 04 Oct 2008)
New Revision: 7110

Modified:
   branches/tomcat5.5/5.5.26-2-security/container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java
   branches/tomcat5.5/5.5.26-2-security/debian/changelog
Log:
Apply fix for CVE-2008-2370 from http://svn.apache.org/viewvc?view=rev&revision=680949.


Modified: branches/tomcat5.5/5.5.26-2-security/container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java
===================================================================
--- branches/tomcat5.5/5.5.26-2-security/container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java	2008-10-04 22:47:29 UTC (rev 7109)
+++ branches/tomcat5.5/5.5.26-2-security/container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java	2008-10-04 22:50:07 UTC (rev 7110)
@@ -379,10 +379,21 @@
             throw new IllegalArgumentException
                 (sm.getString
                  ("applicationContext.requestDispatcher.iae", path));
+
+        // Get query string
+        String queryString = null;
+        int pos = path.indexOf('?');
+        if (pos >= 0) {
+            queryString = path.substring(pos + 1);
+            path = path.substring(0, pos); 
+        }
+ 
         path = normalize(path);
         if (path == null)
             return (null);
 
+        pos = path.length();
+
         // Retrieve the thread local URI
         MessageBytes uriMB = (MessageBytes) localUriMB.get();
         if (uriMB == null) {
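Review bot: The reason the query string is now split off before `normalize(path)` is not recorded where it matters, so a later refactor could move the block back below the call and reintroduce the issue the log message cites as CVE-2008-2370. I would replace `// Get query string` with something like `// Strip the query string BEFORE normalize(): only the path part may be normalized and mapped (CVE-2008-2370)`. Separately, `pos = path.length();` reuses `pos` with a second meaning: it is the index of '?' in the added block above and the end of the normalized path here. Code below the hunk presumably reads it as the path length, so a one-line comment or a dedicated local such as `pathLength` would make that explicit. The enclosing method starts and ends outside this hunk, so the later uses of `pos` and `queryString` are not visible here.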
@@ -394,15 +405,6 @@
             uriMB.recycle();
         }
 
-        // Get query string
-        String queryString = null;
-        int pos = path.indexOf('?');
-        if (pos >= 0) {
-            queryString = path.substring(pos + 1);
-        } else {
-            pos = path.length();
-        }
- 
         // Retrieve the thread local mapping data
         MappingData mappingData = (MappingData) localMappingData.get();
         if (mappingData == null) {

Modified: branches/tomcat5.5/5.5.26-2-security/debian/changelog
===================================================================
--- branches/tomcat5.5/5.5.26-2-security/debian/changelog	2008-10-04 22:47:29 UTC (rev 7109)
+++ branches/tomcat5.5/5.5.26-2-security/debian/changelog	2008-10-04 22:50:07 UTC (rev 7110)
@@ -2,8 +2,9 @@
 
   * Security issues fixed.
     - CVE-2008-1232: XSS vulnerability.
+    - CVE-2008-2370: directory traversal vulnerability.
 
- -- Marcus Better <marcus at better.se>  Sun, 05 Oct 2008 00:29:12 +0200
+ -- Marcus Better <marcus at better.se>  Sun, 05 Oct 2008 00:49:17 +0200
 
 tomcat5.5 (5.5.26-2) unstable; urgency=low
 



