
Contents of /updates/1/tomcat6/current/SOURCES/tomcat6-CVE-2012-4431.diff



Revision 391710 - (show annotations) (download)
Wed Jan 23 18:55:43 2013 UTC (11 years, 2 months ago) by luigiwalser
File size: 2165 byte(s)
- add upstream patches to fix:
  - CVE-2012-2733
  - CVE-2012-588[5-7] (was CVE-2012-3439)
  - CVE-2012-3546
  - CVE-2012-4431
  - CVE-2012-4534

1
2 http://svn.apache.org/viewvc?view=revision&revision=1394456
3
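--- java/org/apache/catalina/filters/CsrfPreventionFilter.java 2011-11-28 11:22:45.000000000 +0100
+++ java/org/apache/catalina/filters/CsrfPreventionFilter.java.oden 2012-12-31 11:15:30.604179520 +0100
@@ -33,6 +33,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
+import javax.servlet.http.HttpSession;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
@@ -153,16 +154,19 @@ public class CsrfPreventionFilter extend
 }
 }
 
+ HttpSession session = req.getSession(false);
+
 @SuppressWarnings("unchecked")
- LruCache<String> nonceCache =
- (LruCache<String>) req.getSession(true).getAttribute(
- Constants.CSRF_NONCE_SESSION_ATTR_NAME);
-
+ LruCache<String> nonceCache = (session == null) ? null
+ : (LruCache<String>) session.getAttribute(
+ Constants.CSRF_NONCE_SESSION_ATTR_NAME);
+
 if (!skipNonceCheck) {
 String previousNonce =
 req.getParameter(Constants.CSRF_NONCE_REQUEST_PARAM);
 
- if (nonceCache != null && !nonceCache.contains(previousNonce)) {
+ if (nonceCache == null || previousNonce == null ||
+ !nonceCache.contains(previousNonce)) {
 res.sendError(HttpServletResponse.SC_FORBIDDEN);
 return;
 }
@@ -170,7 +174,10 @@ public class CsrfPreventionFilter extend
 
 if (nonceCache == null) {
 nonceCache = new LruCache<String>(nonceCacheSize);
- req.getSession().setAttribute(
+ if (session == null) {
+ session = req.getSession(true);
+ }
+ session.setAttribute(
 Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache);
 }
 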
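Review bot: The new `HttpSession session = req.getSession(false);` line in the second hunk deserves a comment, because the `false` argument is the whole fix and a later maintainer could easily "simplify" it back to `getSession(true)`: with the old code a request that arrived without a session was given a fresh, empty one, `nonceCache` came back null, and the old `nonceCache != null && ...` guard let the request through without any nonce check at all, which is exactly the bypass the new `nonceCache == null || previousNonce == null || ...` condition closes. I would add `// Do not create a session here: a request without a session has no nonce cache and must fail the nonce check below rather than bypass it` above that line, and on the `if (session == null) { session = req.getSession(true); }` block in the third hunk `// A session is created only once the request has passed (or legitimately skipped) the nonce check`. The enclosing method starts and ends outside the hunks; the hunk header shows only that it belongs to CsrfPreventionFilter, presumably its doFilter.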
