Posted to slide-dev@jakarta.apache.org by oz...@apache.org on 2007/11/01 13:26:24 UTC
svn commit: r590976 -
/jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java
Author: ozeigermann
Date: Thu Nov 1 05:26:24 2007
New Revision: 590976
URL: http://svn.apache.org/viewvc?rev=590976&view=rev
Log:
Quick-fix for security issue raised here
www.milw0rm.com/exploits/4567
Modified:
jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java
Modified: jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java
URL: http://svn.apache.org/viewvc/jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java?rev=590976&r1=590975&r2=590976&view=diff
==============================================================================
--- jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java (original)
+++ jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java Thu Nov 1 05:26:24 2007
@@ -303,7 +303,10 @@
* if parsing the request failed or if the request is not valid.
*/
private void parseOwner(Element ownerElement) throws JDOMException {
+ lockInfo_lockOwner = DEFAULT_LOCK_OWNER;
+ // ozeigermann, 1. November 2007: Had to disable this part due to an exploit caused by JDOM (as it seems): http://www.milw0rm.com/exploits/4567
+ /*
if (ownerElement == null) {
lockInfo_lockOwner = DEFAULT_LOCK_OWNER;
return;
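Review bot: Forcing `lockInfo_lockOwner = DEFAULT_LOCK_OWNER` at the top of parseOwner stops the server from echoing the client-supplied owner, but it leaves untouched the XML parsing that the added comment blames. If the underlying issue is DTD or external-entity resolution while the LOCK request body is parsed (the parser setup is outside this hunk, so this is inferred), the entity is still resolved on the server, and any other method that reads request XML stays exposed. A more durable fix is to harden the SAXBuilder where it is created, if the underlying parser supports the feature: `setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`. Owner parsing could then be restored. Until then, the comment should state the functional cost: `// NOTE: every lock now reports DEFAULT_LOCK_OWNER; the client-supplied <owner> is ignored`.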
@@ -326,6 +329,7 @@
//throw new JDOMException("<"+E_OWNER+"> element must not be
// empty");
}
+ */
}
/**
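Review bot: The closing `*/` added here turns the whole former body into one block comment, and most of that body lies between the two hunks where it cannot be checked. Any `*/` inside the hidden region would end the comment early, so deleting the dead code and relying on revision history is safer than commenting it out. parseOwner also keeps its `ownerElement` parameter, its `throws JDOMException` clause and the Javadoc line "if parsing the request failed or if the request is not valid", none of which describe the method any more. I would add to the Javadoc something like `Currently ignores ownerElement and always sets DEFAULT_LOCK_OWNER (see r590976).`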