[Git][java-team/tomcat8][stretch] CVE-2021-30640: Fix NullPointerException

Markus Koschany (@apo) gitlab at salsa.debian.org
Wed Aug 11 15:47:40 BST 2021



Markus Koschany pushed to branch stretch at Debian Java Maintainers / tomcat8


Commits:
45148fa6 by Markus Koschany at 2021-08-11T16:46:45+02:00
CVE-2021-30640: Fix NullPointerException

If no userRoleAttribute is specified in the user's Realm configuration its
default value will be null. This will cause a NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug

https://bz.apache.org/bugzilla/show_bug.cgi?id=65308

- - - - -


1 changed file:

- debian/patches/CVE-2021-30640.patch


Changes:

=====================================
debian/patches/CVE-2021-30640.patch
=====================================
@@ -12,13 +12,13 @@ Origin: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d1
 Origin: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
 Origin: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
 ---
- java/org/apache/catalina/realm/JNDIRealm.java      | 134 +++++++++++++++++++--
+ java/org/apache/catalina/realm/JNDIRealm.java      | 140 +++++++++++++++++++--
  .../realm/TestJNDIRealmAttributeValueEscape.java   |  86 +++++++++++++
- 2 files changed, 210 insertions(+), 10 deletions(-)
+ 2 files changed, 216 insertions(+), 10 deletions(-)
  create mode 100644 test/org/apache/catalina/realm/TestJNDIRealmAttributeValueEscape.java
 
 diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
-index 387198b..994f895 100644
+index 387198b..e57be55 100644
 --- a/java/org/apache/catalina/realm/JNDIRealm.java
 +++ b/java/org/apache/catalina/realm/JNDIRealm.java
 @@ -1627,8 +1627,11 @@ public class JNDIRealm extends RealmBase {
@@ -111,7 +111,7 @@ index 387198b..994f895 100644
                              isRoleSearchAsUser());
  
                      try {
-@@ -2719,10 +2735,36 @@ public class JNDIRealm extends RealmBase {
+@@ -2719,10 +2735,39 @@ public class JNDIRealm extends RealmBase {
       *     )  -> \29
       *     \  -> \5c
       *     \0 -> \00
@@ -145,10 +145,13 @@ index 387198b..994f895 100644
 +     * @return String the escaped/encoded result
 +     */
 +    protected String doFilterEscaping(String inString) {
++        if (inString == null) {
++            return null;
++        }
          StringBuilder buf = new StringBuilder(inString.length());
          for (int i = 0; i < inString.length(); i++) {
              char c = inString.charAt(i);
-@@ -2812,6 +2854,78 @@ public class JNDIRealm extends RealmBase {
+@@ -2812,6 +2857,81 @@ public class JNDIRealm extends RealmBase {
      }
  
  
@@ -160,6 +163,9 @@ index 387198b..994f895 100644
 +     * @return      The string representation of the attribute value
 +     */
 +    protected String doAttributeValueEscaping(String input) {
++        if (input == null) {
++            return null;
++        }
 +        int len = input.length();
 +        StringBuilder result = new StringBuilder();
 +



View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/45148fa66427c391e8dbfb0c01e0355bfc37f595

-- 
View it on GitLab: https://salsa.debian.org/java-team/tomcat8/-/commit/45148fa66427c391e8dbfb0c01e0355bfc37f595
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20210811/a0af762a/attachment.htm>


More information about the pkg-java-commits mailing list