Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/09/22 10:18:30 UTC
svn commit: r1809293 - in /tomcat/tc7.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml
Author: markt
Date: Fri Sep 22 10:18:29 2017
New Revision: 1809293
URL: http://svn.apache.org/viewvc?rev=1809293&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
Remainder of fix for CVE-2017-12617
This ensures that a path specified for creation of a file does not end in '/' since that is dropped by the File API.
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809293&r1=1809292&r2=1809293&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java Fri Sep 22 10:18:29 2017
@@ -476,11 +476,16 @@ public class FileDirContext extends Base
* @exception NamingException if a naming exception is encountered
*/
@Override
- public void bind(String name, Object obj, Attributes attrs)
- throws NamingException {
+ public void bind(String name, Object obj, Attributes attrs) throws NamingException {
// Note: No custom attributes allowed
+ // bind() is meant to create a file so ensure that the path doesn't end
+ // in '/'
+ if (name.endsWith("/")) {
+ throw new NamingException(sm.getString("resources.bindFailed", name));
+ }
+
File file = file(name, false);
if (file == null) {
throw new NamingException(sm.getString("resources.bindFailed", name));
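Review bot: the new trailing-slash guard throws with the same "resources.bindFailed" message as the existing null-file branch a few lines below, so an operator reading the logs cannot tell a rejected "name/" from any other bind failure; a distinct message key (or at least a debug log line before the throw) would make the CVE-2017-12617 rejection path visible in detection and incident review. The code comment would also benefit from stating the reason given in the commit log, that the File API silently drops a trailing '/', so a later reader does not remove the check as redundant. Finally, this hunk only changes bind(); any other method in this class that creates a file from a caller-supplied name needs the identical check, otherwise the same bypass remains reachable through that path.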
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1809293&r1=1809292&r2=1809293&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Sep 22 10:18:29 2017
@@ -90,6 +90,11 @@
<code>DirContext</code> that represented the web application in a
<code>ProxyDirContext</code> twice rather than just once. (markt)
</fix>
+ <fix>
+ <bug>61542</bug>: Fix CVE-2017-12617 and prevent JSPs from being
+ uploaded via a specially crafted request when HTTP PUT was enabled.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
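Review bot: the changelog text describes the fix as preventing JSP uploads via "a specially crafted request", but the change itself rejects any bind() name ending in '/' regardless of file type, and the commit log calls this only the remainder of the CVE-2017-12617 fix; the entry should name the trailing-slash condition and make clear that it completes an earlier change rather than being the whole fix, so that administrators checking whether a given build contains the full mitigation are not misled.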