You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2012/10/16 04:20:47 UTC
[Bug 54010] New: Suggestion for code improvement (avoiding potential
bug)
https://issues.apache.org/bugzilla/show_bug.cgi?id=54010
Priority: P2
Bug ID: 54010
Assignee: dev@tomcat.apache.org
Summary: Suggestion for code improvement (avoiding potential
bug)
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: shensiulap@gmail.com
Hardware: PC
Status: NEW
Version: 5.5.36
Component: Connector:Coyote
Product: Tomcat 5
In connectors/jk/java/org/apache/jk/common/HandlerRequest.java
coyote.Request's schemeMB is assigned in 2 places.
1st place:
400 boolean isSSL = msg.getByte() != 0;
401 if( isSSL ) {
402 // XXX req.setSecure( true );
403 req.scheme().setString("https");
404 }
2nd place:
518 case AjpConstants.SC_A_SSL_CERT :
519 req.scheme().setString( "https" );
and similar assignments for SC_A_SSL_CIPHER and SC_A_SSL_SESSION cases below.
It seems they do not make sense because the packet's 8-bit field is designated
for telling whether it's SSL or not. So the 1st place is enough. Adding the 2nd
place may pose potential bug in that a packet with the 8-bit SSL field being 0
and suffixes of SC_A_SSL_* key-value pairs can later incorrect trigger a wrong
redirection message pointing to a https location.
A simple correction is to honor the 8-bit SSL-field in packet and delete the 3
lines of 2nd place assigning "https".
Even though the chances of such spurious packet is low, but it's best we can
have threat-free, semantic-correct tomcat code.
The same lines of code remain in 6.0 and 7.0.
But maybe I misunderstand the code, in which case please kindly point out.
Thanks.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 54010] Suggestion for code improvement (avoiding potential bug)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54010
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
Fixed in 8.0.x and will be included in 8.0.0 onwards.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 54010] Suggestion for code improvement (avoiding potential bug)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54010
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Connector:Coyote |Connectors
Version|5.5.36 |trunk
Product|Tomcat 5 |Tomcat 8
Target Milestone|--- |----
Severity|normal |enhancement
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Tomcat 5.5.x is no longer supported.
Looking at the mod_jk, I don't see how there could ever be a problem here but
there is scope for removing the additional unnecessary calls.
Moving this to Tomcat 8.0.x and marking as an enhancement.
This will most likely get be applied to 8.0.x only, as part of the ongoing
clean-up of the code base for the 8.0.x branch.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 54010] Suggestion for code improvement (avoiding potential bug)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54010
--- Comment #3 from Dongcai Shen <sh...@gmail.com> ---
Thank Mark for your efforts.
The credit of this vulnerability should be given to this bug report:
https://issues.apache.org/bugzilla/show_bug.cgi?id=36883
They discovered the bug but only fixed in the httpd site and left the problem
in tomcat intact. Now the problem at the tomcat part is also fixed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org