Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/09/22 10:18:30 UTC

svn commit: r1809293 - in /tomcat/tc7.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

Author: markt
Date: Fri Sep 22 10:18:29 2017
New Revision: 1809293

URL: http://svn.apache.org/viewvc?rev=1809293&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
Remainder of fix for CVE-2017-12617
This ensures that a path specified for creation of a file does not end in '/' since that is dropped by the File API.

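The behaviour the log message relies on, as an added illustration that is not part of this commit or of Tomcat's code: java.io.File normalizes the path it is given, and on the default Unix file system that normalization drops a trailing '/' (and collapses repeated ones), so a name such as "evil.jsp/" reaches the file system as "evil.jsp". The guard below mirrors the check the patch adds to FileDirContext.bind(); the class name, method names and sample paths are assumptions made for the example.

```java
import java.io.File;

/**
 * Added illustration (not Tomcat code): shows what java.io.File does with a
 * trailing '/' and a guard mirroring the one added to FileDirContext.bind().
 */
public class TrailingSlashDemo {

    /**
     * Mirrors the guard in r1809293: a name that is meant to create a file
     * must not end in '/'. Also rejects "name//", since endsWith("/") covers
     * any number of trailing slashes.
     */
    static boolean isAcceptableFileName(String name) {
        return name != null && !name.endsWith("/");
    }

    /**
     * What the File API makes of the raw name. The File constructor
     * normalizes the path; on Unix that removes trailing and duplicate
     * separators, so the trailing '/' silently disappears.
     */
    static String normalizedPath(String name) {
        return new File(name).getPath();
    }

    public static void main(String[] args) {
        // Constructed sample names (hypothetical; not from any real request).
        String[] names = {
            "/webapps/ROOT/index.jsp",
            "/webapps/ROOT/evil.jsp/",
            "/webapps/ROOT/evil.jsp//",
        };
        for (String name : names) {
            System.out.printf("%-28s -> File.getPath()=%-26s accepted=%b%n",
                    name, normalizedPath(name), isAcceptableFileName(name));
        }
    }
}
```

Run with `javac TrailingSlashDemo.java && java TrailingSlashDemo` on a Unix host: the first name normalizes to itself and is accepted, while both trailing-slash variants normalize to "/webapps/ROOT/evil.jsp" and are rejected by the guard before anything is handed to java.io.File.
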
Modified:
    tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809293&r1=1809292&r2=1809293&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java Fri Sep 22 10:18:29 2017
@@ -476,11 +476,16 @@ public class FileDirContext extends Base
      * @exception NamingException if a naming exception is encountered
      */
     @Override
-    public void bind(String name, Object obj, Attributes attrs)
-        throws NamingException {
+    public void bind(String name, Object obj, Attributes attrs) throws NamingException {
 
         // Note: No custom attributes allowed
 
+        // bind() is meant to create a file so ensure that the path doesn't end
+        // in '/'
+        if (name.endsWith("/")) {
+            throw new NamingException(sm.getString("resources.bindFailed", name));
+        }
+
         File file = file(name, false);
         if (file == null) {
             throw new NamingException(sm.getString("resources.bindFailed", name));
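Review bot: The guard `if (name.endsWith("/"))` is a literal string check on the supplied name, while the reasoning in the log is about what the File API drops during normalization; if `name` can reach bind() with any other trailing form that the File API also strips, the literal check will not match it. A check anchored on the File API's own behaviour, for example comparing the last segment of `name` with `file.getName()` after `File file = file(name, false);` and rejecting on mismatch, would follow the root cause rather than one symptom and would catch future variants without another patch. Separately, the reflow of the `bind(String name, Object obj, Attributes attrs)` signature onto one line is unrelated whitespace churn in a security fix and makes the backport diff noisier than it needs to be.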

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1809293&r1=1809292&r2=1809293&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Sep 22 10:18:29 2017
@@ -90,6 +90,11 @@
         <code>DirContext</code> that represented the web application in a
         <code>ProxyDirContext</code> twice rather than just once. (markt)
       </fix>
+      <fix>
+        <bug>61542</bug>: Fix CVE-2017-12617 and prevent JSPs from being
+        uploaded via a specially crafted request when HTTP PUT was enabled.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
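Review bot: The entry at `<bug>61542</bug>` reads as if this commit alone fixes CVE-2017-12617, whereas the log describes it as the "Remainder of fix"; the entry should say it completes the earlier fix and name the condition it closes (a request path ending in '/', which the File API drops), so readers can map the changelog to the advisory. It also says "JSPs", but bind() creates any file, so the guard applies to every upload; JSPs are simply the case that yields code execution.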