[Git][java-team/tomcat8][stretch] CVE-2021-30640: Fix NullPointerException
Markus Koschany (@apo)
gitlab at salsa.debian.org
Wed Aug 11 15:47:40 BST 2021
Markus Koschany pushed to branch stretch at Debian Java Maintainers / tomcat8
Commits:
45148fa6 by Markus Koschany at 2021-08-11T16:46:45+02:00
CVE-2021-30640: Fix NullPointerException
If no userRoleAttribute is specified in the Realm configuration, its
default value is null. This causes an NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
- - - - -
1 changed file:
- debian/patches/CVE-2021-30640.patch
Changes:
=====================================
debian/patches/CVE-2021-30640.patch
=====================================
@@ -12,13 +12,13 @@ Origin: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d1
Origin: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
Origin: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
---
- java/org/apache/catalina/realm/JNDIRealm.java | 134 +++++++++++++++++++--
+ java/org/apache/catalina/realm/JNDIRealm.java | 140 +++++++++++++++++++--
.../realm/TestJNDIRealmAttributeValueEscape.java | 86 +++++++++++++
- 2 files changed, 210 insertions(+), 10 deletions(-)
+ 2 files changed, 216 insertions(+), 10 deletions(-)
create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
-index 387198b..994f895 100644
+index 387198b..e57be55 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1627,8 +1627,11 @@ public class JNDIRealm extends RealmBase {
@@ -111,7 +111,7 @@ index 387198b..994f895 100644
isRoleSearchAsUser());
try {
-@@ -2719,10 +2735,36 @@ public class JNDIRealm extends RealmBase {
+@@ -2719,10 +2735,39 @@ public class JNDIRealm extends RealmBase {
* ) -> \29
* \ -> \5c
* \0 -> \00
@@ -145,10 +145,13 @@ index 387198b..994f895 100644
+ * @return String the escaped/encoded result
+ */
+ protected String doFilterEscaping(String inString) {
++ if (inString == null) {
++ return null;
++ }
StringBuilder buf = new StringBuilder(inString.length());
for (int i = 0; i < inString.length(); i++) {
char c = inString.charAt(i);
-@@ -2812,6 +2854,78 @@ public class JNDIRealm extends RealmBase {
+@@ -2812,6 +2857,81 @@ public class JNDIRealm extends RealmBase {
}
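Review bot: The new null guard in doFilterEscaping changes the method's contract but the Javadoc just above it still reads `@return String the escaped/encoded result`; since the method is protected and may be overridden by subclasses, it should state `@return String the escaped/encoded result, or {@code null} if {@code inString} is {@code null}`. Returning null rather than an empty string presumably keeps the role-search filter formatting in the callers behaving as it did before the CVE-2021-30640 escaping was introduced, when a null userRoleAttribute was already passed through; that is worth confirming against the callers, which are outside this hunk, because an unexpected null reaching a filter template would yield a different search than an empty value. The diffstat shows TestJNDIRealmAttributeValueEscape.java being created, but nothing in this commit pins the null case; an `assertNull(realm.doFilterEscaping(null));` there would keep the NPE from regressing. The body of doFilterEscaping continues past the end of the hunk.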
@@ -160,6 +163,9 @@ index 387198b..994f895 100644
+ * @return The string representation of the attribute value
+ */
+ protected String doAttributeValueEscaping(String input) {
++ if (input == null) {
++ return null;
++ }
+ int len = input.length();
+ StringBuilder result = new StringBuilder();
+
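Review bot: The `@return The string representation of the attribute value` Javadoc for doAttributeValueEscaping is no longer accurate once the new guard can return null; it should read `@return The string representation of the attribute value, or {@code null} if {@code input} is {@code null}` so that overriding subclasses and callers building DN or attribute strings know a null is possible. Whether a null return is safe downstream cannot be judged from this hunk, since the method body and its callers lie outside it; the commit message attributes the null to an unset userRoleAttribute, so the callers presumably tolerated that value before the escaping was added, but a short note at the call site confirming this would help the next reader. A null-input assertion in the new TestJNDIRealmAttributeValueEscape.java, mirroring the one for doFilterEscaping, would cover this path as well.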
View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/45148fa66427c391e8dbfb0c01e0355bfc37f595