packages/jetty
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CVE-2019-10241

Browse Source 
CVE-2019-10241
This commit is contained in:
emancipator 2022-09-14 10:23:06 +08:00
parent 17e1bc4acb
commit 3bea1bc93f
13 changed files with 2673 additions and 3383 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

452
CVE-2020-27216.patch Normal file → Executable file
View File

@ -1,22 +1,17 @@
From 53e0e0e9b25a6309bf24ee3b10984f4145701edb Mon Sep 17 00:00:00 2001 From: Markus Koschany <apo@debian.org>
From: Joakim Erdfelt <joakim.erdfelt@gmail.com> Date: Sat, 3 Jul 2021 22:05:57 +0200
Date: Thu, 15 Oct 2020 17:39:30 -0500 Subject: CVE-2020-27216
Subject: [PATCH] Merge pull request from GHSA-g3wg-6mcf-8jj6
* Issue #5451 - Improving temp directory creation. Origin: https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb
Origin: https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f
+ Using new Files.createTempDirectory() instead
of nonsense around File.createTempFile()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fixes #5451 - Restoring File.deleteOnExit
--- ---
.../jetty/webapp/WebInfConfiguration.java | 20 +++++++------------ .../eclipse/jetty/webapp/WebInfConfiguration.java | 20 +--
1 file changed, 7 insertions(+), 13 deletions(-) .../server/session/InfinispanTestSupport.java | 173 +++++++++++++--------
.../test/java/org/eclipse/jetty/TestServer.java | 54 +++----
3 files changed, 135 insertions(+), 112 deletions(-)
diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java diff --git a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java
index b94f788..f39432d 100644 index b94f788..19663bc 100644
--- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java --- a/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java
+++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java +++ b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java
@@ -24,6 +24,8 @@ import java.net.URI; @@ -24,6 +24,8 @@ import java.net.URI;
@ -41,9 +36,9 @@ index b94f788..f39432d 100644
- tmpDir.deleteOnExit(); - tmpDir.deleteOnExit();
- context.setTempDirectory(tmpDir); - context.setTempDirectory(tmpDir);
+ Path tmpDir = Files.createTempDirectory(template.getTempDirectory().getParentFile().toPath(), WebInfConfiguration.getCanonicalNameForWebAppTmpDir(context)); + Path tmpDir = Files.createTempDirectory(template.getTempDirectory().getParentFile().toPath(), WebInfConfiguration.getCanonicalNameForWebAppTmpDir(context));
+ File tmpDirAsFile = tmpDir.toFile(); + File tmpDirAsFile = tmpDir.toFile();
+ tmpDirAsFile.deleteOnExit(); + tmpDirAsFile.deleteOnExit();
+ context.setTempDirectory(tmpDirAsFile); + context.setTempDirectory(tmpDirAsFile);
} }
@ -60,6 +55,423 @@ index b94f788..f39432d 100644
} }
configureTempDirectory(tmpDir, context); configureTempDirectory(tmpDir, context);
-- diff --git a/tests/test-sessions/test-infinispan-sessions/src/test/java/org/eclipse/jetty/server/session/InfinispanTestSupport.java b/tests/test-sessions/test-infinispan-sessions/src/test/java/org/eclipse/jetty/server/session/InfinispanTestSupport.java
2.23.0 index 57ecb1f..663e8dd 100644
--- a/tests/test-sessions/test-infinispan-sessions/src/test/java/org/eclipse/jetty/server/session/InfinispanTestSupport.java
+++ b/tests/test-sessions/test-infinispan-sessions/src/test/java/org/eclipse/jetty/server/session/InfinispanTestSupport.java
@@ -1,6 +1,6 @@
//
// ========================================================================
-// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
@@ -16,38 +16,44 @@
// ========================================================================
//
-
package org.eclipse.jetty.server.session;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
import java.io.File;
+import java.lang.annotation.ElementType;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Properties;
+import org.eclipse.jetty.toolchain.test.FS;
import org.eclipse.jetty.util.IO;
+import org.hibernate.search.cfg.Environment;
+import org.hibernate.search.cfg.SearchMapping;
import org.infinispan.Cache;
-import org.infinispan.configuration.cache.Configuration;
import org.infinispan.configuration.cache.ConfigurationBuilder;
+import org.infinispan.configuration.cache.ConfigurationChildBuilder;
+import org.infinispan.configuration.cache.Index;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.DefaultCacheManager;
import org.infinispan.manager.EmbeddedCacheManager;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
/**
* InfinispanTestSupport
- *
- *
*/
public class InfinispanTestSupport
{
- public static final String DEFAULT_CACHE_NAME = "session_test_cache";
- public Cache _cache;
-
+ public static final String DEFAULT_CACHE_NAME = "session_test_cache";
+ public Cache _cache;
+
public ConfigurationBuilder _builder;
- private File _tmpdir;
+ private File _tmpdir;
private boolean _useFileStore;
+ private boolean _serializeSessionData;
private String _name;
- public static EmbeddedCacheManager _manager;
-
+ public static EmbeddedCacheManager _manager;
+
static
{
try
@@ -59,53 +65,84 @@ public class InfinispanTestSupport
e.printStackTrace();
}
}
-
-
-
-
- public InfinispanTestSupport ()
+
+ public InfinispanTestSupport()
{
- this (null);
+ this(null);
}
-
+
public InfinispanTestSupport(String cacheName)
- {
+ {
if (cacheName == null)
- cacheName = DEFAULT_CACHE_NAME+System.currentTimeMillis();
-
+ cacheName = DEFAULT_CACHE_NAME + System.currentTimeMillis();
+
_name = cacheName;
_builder = new ConfigurationBuilder();
}
-
- public void setUseFileStore (boolean useFileStore)
+
+ public void setUseFileStore(boolean useFileStore)
{
_useFileStore = useFileStore;
}
-
- public Cache getCache ()
+
+ public void setSerializeSessionData(boolean serializeSessionData)
{
- return _cache;
+ _serializeSessionData = serializeSessionData;
}
- public void setup () throws Exception
+ public Cache getCache()
{
- if (_useFileStore)
- {
- _tmpdir = File.createTempFile("infini", "span");
- _tmpdir.delete();
- _tmpdir.mkdir();
- Configuration config = _builder.persistence().addSingleFileStore().location(_tmpdir.getAbsolutePath()).storeAsBinary().build();
- _manager.defineConfiguration(_name, config);
- }
- else
- {
- _manager.defineConfiguration(_name, _builder.build());
- }
- _cache = _manager.getCache(_name);
+ return _cache;
}
+ public void setup(Path root) throws Exception
+ {
+ Path indexesDir = root.resolve("indexes");
+ FS.ensureDirExists(indexesDir);
+
+ SearchMapping mapping = new SearchMapping();
+ mapping.entity(SessionData.class).indexed().providedId().property("expiry", ElementType.FIELD).field();
+ Properties properties = new Properties();
+ properties.put(Environment.MODEL_MAPPING, mapping);
+ properties.put("hibernate.search.default.indexBase", indexesDir.toString());
+
+ if (_useFileStore)
+ {
+ Path tmpDir = Files.createTempDirectory("infinispan");
+ _tmpdir = tmpDir.toFile();
+
+ ConfigurationChildBuilder b = _builder.indexing()
+ .index(Index.ALL)
+ .addIndexedEntity(SessionData.class)
+ .withProperties(properties)
+ .persistence()
+ .addSingleFileStore()
+ .location(_tmpdir.getAbsolutePath());
+ if (_serializeSessionData)
+ {
+ b = b.storeAsBinary().enable();
+ }
+
+ _manager.defineConfiguration(_name, b.build());
+ }
+ else
+ {
+ ConfigurationChildBuilder b = _builder.indexing()
+ .withProperties(properties)
+ .index(Index.ALL)
+ .addIndexedEntity(SessionData.class);
+
+ if (_serializeSessionData)
+ {
+ b = b.storeAsBinary().enable();
+ }
+
+ _manager.defineConfiguration(_name, b.build());
+ }
+ _cache = _manager.getCache(_name);
+ }
- public void teardown () throws Exception
+ public void teardown() throws Exception
{
_cache.clear();
_manager.removeCache(_name);
@@ -117,39 +154,41 @@ public class InfinispanTestSupport
}
}
}
-
-
+
@SuppressWarnings("unchecked")
- public void createSession (SessionData data)
- throws Exception
+ public void createSession(SessionData data)
+ throws Exception
{
- _cache.put(data.getContextPath()+"_"+data.getVhost()+"_"+data.getId(), data);
+ _cache.put(data.getContextPath() + "_" + data.getVhost() + "_" + data.getId(), data);
}
-
- public void createUnreadableSession (SessionData data)
+ public void createUnreadableSession(SessionData data)
{
-
+
}
-
-
- public boolean checkSessionExists (SessionData data)
- throws Exception
+
+ public boolean checkSessionExists(SessionData data)
+ throws Exception
{
- return (_cache.get(data.getContextPath()+"_"+data.getVhost()+"_"+data.getId()) != null);
+ return (_cache.get(data.getContextPath() + "_" + data.getVhost() + "_" + data.getId()) != null);
}
-
-
- public boolean checkSessionPersisted (SessionData data)
- throws Exception
+
+ public boolean checkSessionPersisted(SessionData data)
+ throws Exception
{
- Object obj = _cache.get(data.getContextPath()+"_"+data.getVhost()+"_"+data.getId());
+
+ //evicts the object from memory. Forces the cache to fetch the data from file
+ if (_useFileStore)
+ {
+ _cache.evict(data.getContextPath() + "_" + data.getVhost() + "_" + data.getId());
+ }
+
+ Object obj = _cache.get(data.getContextPath() + "_" + data.getVhost() + "_" + data.getId());
if (obj == null)
return false;
-
+
SessionData saved = (SessionData)obj;
-
-
+
//turn an Entity into a Session
assertEquals(data.getId(), saved.getId());
assertEquals(data.getContextPath(), saved.getContextPath());
@@ -168,11 +207,11 @@ public class InfinispanTestSupport
//same keys
assertTrue(data.getKeys().equals(saved.getKeys()));
//same values
- for (String name:data.getKeys())
+ for (String name : data.getKeys())
{
assertTrue(data.getAttribute(name).equals(saved.getAttribute(name)));
}
-
+
return true;
}
}
diff --git a/tests/test-webapps/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java b/tests/test-webapps/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java
index a7af064..c1c5dc5 100644
--- a/tests/test-webapps/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java
+++ b/tests/test-webapps/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java
@@ -1,6 +1,6 @@
//
// ========================================================================
-// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
@@ -18,13 +18,11 @@
package org.eclipse.jetty;
-import java.io.File;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
-
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -65,11 +63,11 @@ public class TestServer
((StdErrLog)Log.getLog()).setSource(false);
// TODO don't depend on this file structure
- Path jetty_root = FileSystems.getDefault().getPath(".").toAbsolutePath().normalize();
- if (!Files.exists(jetty_root.resolve("VERSION.txt")))
- jetty_root = FileSystems.getDefault().getPath("../../..").toAbsolutePath().normalize();
- if (!Files.exists(jetty_root.resolve("VERSION.txt")))
- throw new IllegalArgumentException(jetty_root.toString());
+ Path jettyRoot = FileSystems.getDefault().getPath(".").toAbsolutePath().normalize();
+ if (!Files.exists(jettyRoot.resolve("VERSION.txt")))
+ jettyRoot = FileSystems.getDefault().getPath("../../..").toAbsolutePath().normalize();
+ if (!Files.exists(jettyRoot.resolve("VERSION.txt")))
+ throw new IllegalArgumentException(jettyRoot.toString());
// Setup Threadpool
QueuedThreadPool threadPool = new QueuedThreadPool();
@@ -80,10 +78,9 @@ public class TestServer
server.manage(threadPool);
// Setup JMX
- MBeanContainer mbContainer=new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
+ MBeanContainer mbContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
server.addBean(mbContainer);
server.addBean(Log.getLog());
-
// Common HTTP configuration
HttpConfiguration config = new HttpConfiguration();
@@ -92,21 +89,19 @@ public class TestServer
config.addCustomizer(new SecureRequestCustomizer());
config.setSendDateHeader(true);
config.setSendServerVersion(true);
-
-
+
// Http Connector
HttpConnectionFactory http = new HttpConnectionFactory(config);
- ServerConnector httpConnector = new ServerConnector(server,http);
+ ServerConnector httpConnector = new ServerConnector(server, http);
httpConnector.setPort(8080);
httpConnector.setIdleTimeout(30000);
server.addConnector(httpConnector);
-
// Handlers
HandlerCollection handlers = new HandlerCollection();
ContextHandlerCollection contexts = new ContextHandlerCollection();
handlers.setHandlers(new Handler[]
- { contexts, new DefaultHandler() });
+ {contexts, new DefaultHandler()});
// Add restart handler to test the ability to save sessions and restart
RestartHandler restart = new RestartHandler();
@@ -114,15 +109,14 @@ public class TestServer
server.setHandler(restart);
-
// Setup context
HashLoginService login = new HashLoginService();
login.setName("Test Realm");
- login.setConfig(jetty_root.resolve("tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/etc/realm.properties").toString());
+ login.setConfig(jettyRoot.resolve("tests/test-webapps/test-jetty-webapp/src/main/config/demo-base/etc/realm.properties").toString());
server.addBean(login);
- File log=File.createTempFile("jetty-yyyy_mm_dd", "log");
- CustomRequestLog requestLog = new CustomRequestLog(log.toString());
+ Path logPath = Files.createTempFile("jetty-yyyy_mm_dd", "log");
+ CustomRequestLog requestLog = new CustomRequestLog(logPath.toString());
server.setRequestLog(requestLog);
server.setStopAtShutdown(true);
@@ -130,23 +124,19 @@ public class TestServer
WebAppContext webapp = new WebAppContext();
webapp.setContextPath("/test");
webapp.setParentLoaderPriority(true);
- webapp.setResourceBase(jetty_root.resolve("tests/test-webapps/test-jetty-webapp/src/main/webapp").toString());
- webapp.setAttribute("testAttribute","testValue");
- File sessiondir=File.createTempFile("sessions",null);
- if (sessiondir.exists())
- sessiondir.delete();
- sessiondir.mkdir();
- sessiondir.deleteOnExit();
+ webapp.setResourceBase(jettyRoot.resolve("tests/test-webapps/test-jetty-webapp/src/main/webapp").toString());
+ webapp.setAttribute("testAttribute", "testValue");
+ Path sessionDir = Files.createTempDirectory("sessions");
DefaultSessionCache ss = new DefaultSessionCache(webapp.getSessionHandler());
FileSessionDataStore sds = new FileSessionDataStore();
ss.setSessionDataStore(sds);
- sds.setStoreDir(sessiondir);
+ sds.setStoreDir(sessionDir.toFile());
webapp.getSessionHandler().setSessionCache(ss);
contexts.addHandler(webapp);
ContextHandler srcroot = new ContextHandler();
- srcroot.setResourceBase(jetty_root.resolve("tests/test-webapps/test-jetty-webapp/src").toString());
+ srcroot.setResourceBase(jettyRoot.resolve("tests/test-webapps/test-jetty-webapp/src").toString());
srcroot.setHandler(new ResourceHandler());
srcroot.setContextPath("/src");
contexts.addHandler(srcroot);
@@ -158,17 +148,17 @@ public class TestServer
private static class RestartHandler extends HandlerWrapper
{
- /* ------------------------------------------------------------ */
+
/**
* @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
- super.handle(target,baseRequest,request,response);
+ super.handle(target, baseRequest, request, response);
if (Boolean.valueOf(request.getParameter("restart")))
{
- final Server server=getServer();
+ final Server server = getServer();
new Thread()
{
@@ -182,7 +172,7 @@ public class TestServer
Thread.sleep(100);
server.start();
}
- catch(Exception e)
+ catch (Exception e)
{
LOG.warn(e);
}

545
CVE-2020-27223-pre-1.patch
View File

@ -1,545 +0,0 @@
From 8011c48685e78850a88e7cc06650f678a375037d Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Thu, 28 Feb 2019 18:37:02 +1100
Subject: [PATCH 1/4] Issue #3404 Updated QCSV Double usage
Signed-off-by: Greg Wilkins <gregw@webtide.com>
---
.../eclipse/jetty/http/QuotedQualityCSV.java | 58 ++++++++++---------
1 file changed, 30 insertions(+), 28 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
index 61cee88bfd5..c7047c57a4b 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
@@ -25,6 +25,8 @@
import java.util.List;
import java.util.function.Function;
+import org.eclipse.jetty.util.log.Log;
+
/* ------------------------------------------------------------ */
/**
* Implements a quoted comma separated list of quality values
@@ -37,21 +39,16 @@
*/
public class QuotedQualityCSV extends QuotedCSV implements Iterable<String>
{
- private final static Double ZERO=new Double(0.0);
- private final static Double ONE=new Double(1.0);
-
+ private final static Double ZERO = 0.0D;
+ private final static Double ONE = 1.0D;
/**
- * Function to apply a most specific MIME encoding secondary ordering
+ * Lambda to apply a most specific MIME encoding secondary ordering
*/
- public static Function<String, Integer> MOST_SPECIFIC = new Function<String, Integer>()
+ public static Function<String, Integer> MOST_SPECIFIC = s ->
{
- @Override
- public Integer apply(String s)
- {
- String[] elements = s.split("/");
- return 1000000*elements.length+1000*elements[0].length()+elements[elements.length-1].length();
- }
+ String[] elements = s.split("/");
+ return 1000000*elements.length+1000*elements[0].length()+elements[elements.length-1].length();
};
private final List<Double> _quality = new ArrayList<>();
@@ -74,7 +71,8 @@ public QuotedQualityCSV()
*/
public QuotedQualityCSV(String[] preferredOrder)
{
- this((s) -> {
+ this((s) ->
+ {
for (int i=0;i<preferredOrder.length;++i)
if (preferredOrder[i].equals(s))
return preferredOrder.length-i;
@@ -101,6 +99,8 @@ public QuotedQualityCSV(Function<String, Integer> secondaryOrdering)
protected void parsedValue(StringBuffer buffer)
{
super.parsedValue(buffer);
+
+ // Assume a quality of ONE
_quality.add(ONE);
}
@@ -108,30 +108,32 @@ protected void parsedValue(StringBuffer buffer)
@Override
protected void parsedParam(StringBuffer buffer, int valueLength, int paramName, int paramValue)
{
- if (paramName<0)
+ if (paramName < 0)
{
- if (buffer.charAt(buffer.length()-1)==';')
- buffer.setLength(buffer.length()-1);
+ if (buffer.charAt(buffer.length() - 1) == ';')
+ buffer.setLength(buffer.length() - 1);
}
- else if (paramValue>=0 &&
- buffer.charAt(paramName)=='q' && paramValue>paramName &&
- buffer.length()>=paramName && buffer.charAt(paramName+1)=='=')
+ else if (paramValue >= 0 &&
+ buffer.charAt(paramName) == 'q' && paramValue > paramName &&
+ buffer.length() >= paramName && buffer.charAt(paramName + 1) == '=')
{
Double q;
try
{
- q=(_keepQuotes && buffer.charAt(paramValue)=='"')
- ?new Double(buffer.substring(paramValue+1,buffer.length()-1))
- :new Double(buffer.substring(paramValue));
+ q = (_keepQuotes && buffer.charAt(paramValue) == '"')
+ ? Double.valueOf(buffer.substring(paramValue + 1, buffer.length() - 1))
+ : Double.valueOf(buffer.substring(paramValue));
}
- catch(Exception e)
+ catch (Exception e)
{
- q=ZERO;
- }
- buffer.setLength(Math.max(0,paramName-1));
-
- if (!ONE.equals(q))
- _quality.set(_quality.size()-1,q);
+ Log.getLogger(QuotedQualityCSV.class).ignore(e);
+ q = ZERO;
+ }
+ buffer.setLength(Math.max(0, paramName - 1));
+
+ if (!ONE.equals(q))
+ // replace assumed quality
+ _quality.set(_quality.size() - 1, q);
}
}
From ca8a10a9d5a50e7d814c65134144f776bff1c07a Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Fri, 1 Mar 2019 10:17:02 +1100
Subject: [PATCH 2/4] Issue #3404 Cleanup QCSV mime ordering
Signed-off-by: Greg Wilkins <gregw@webtide.com>
---
.../org/eclipse/jetty/http/HttpFields.java | 16 ++++++++-
.../eclipse/jetty/http/QuotedQualityCSV.java | 35 ++++++++++---------
.../jetty/http/QuotedQualityCSVTest.java | 2 +-
.../jetty/server/handler/ErrorHandler.java | 3 +-
4 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java
index 14c4335eb5a..5a8b53013a7 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java
@@ -31,6 +31,7 @@
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.StringTokenizer;
+import java.util.function.Function;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
@@ -437,6 +438,19 @@ protected String addCSV(QuotedCSV existing,String... values)
* @param header The header
*/
public List<String> getQualityCSV(HttpHeader header)
+ {
+ return getQualityCSV(header,null);
+ }
+
+ /**
+ * Get multiple field values of the same name, split and
+ * sorted as a {@link QuotedQualityCSV}
+ *
+ * @param header The header
+ * @param secondaryOrdering Function to apply an ordering other than specified by quality
+ * @return List the values in quality order with the q param and OWS stripped
+ */
+ public List<String> getQualityCSV(HttpHeader header, Function<String, Integer> secondaryOrdering)
{
QuotedQualityCSV values = null;
for (HttpField f : this)
@@ -444,7 +458,7 @@ protected String addCSV(QuotedCSV existing,String... values)
if (f.getHeader()==header)
{
if (values==null)
- values = new QuotedQualityCSV();
+ values = new QuotedQualityCSV(secondaryOrdering);
values.addValue(f.getValue());
}
}
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
index c7047c57a4b..498d4e01491 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
@@ -38,17 +38,20 @@
* @see "https://tools.ietf.org/html/rfc7231#section-5.3.1"
*/
public class QuotedQualityCSV extends QuotedCSV implements Iterable<String>
-{
- private final static Double ZERO = 0.0D;
- private final static Double ONE = 1.0D;
-
+{
/**
- * Lambda to apply a most specific MIME encoding secondary ordering
+ * Lambda to apply a most specific MIME encoding secondary ordering.
+ * @see "https://tools.ietf.org/html/rfc7231#section-5.3.2"
*/
- public static Function<String, Integer> MOST_SPECIFIC = s ->
+ public static Function<String, Integer> MOST_SPECIFIC_MIME_ORDERING = s ->
{
- String[] elements = s.split("/");
- return 1000000*elements.length+1000*elements[0].length()+elements[elements.length-1].length();
+ if ("*/*".equals(s))
+ return 0;
+ if (s.endsWith("/*"))
+ return 1;
+ if (s.indexOf(';')<0)
+ return 2;
+ return 3;
};
private final List<Double> _quality = new ArrayList<>();
@@ -61,7 +64,7 @@
*/
public QuotedQualityCSV()
{
- this((s) -> 0);
+ this((Function)null);
}
/* ------------------------------------------------------------ */
@@ -91,7 +94,7 @@ public QuotedQualityCSV(String[] preferredOrder)
*/
public QuotedQualityCSV(Function<String, Integer> secondaryOrdering)
{
- this._secondaryOrdering = secondaryOrdering;
+ this._secondaryOrdering = secondaryOrdering == null ? s->0 : secondaryOrdering;
}
/* ------------------------------------------------------------ */
@@ -101,7 +104,7 @@ protected void parsedValue(StringBuffer buffer)
super.parsedValue(buffer);
// Assume a quality of ONE
- _quality.add(ONE);
+ _quality.add(1.0D);
}
/* ------------------------------------------------------------ */
@@ -127,11 +130,11 @@ else if (paramValue >= 0 &&
catch (Exception e)
{
Log.getLogger(QuotedQualityCSV.class).ignore(e);
- q = ZERO;
+ q = 0.0D;
}
buffer.setLength(Math.max(0, paramName - 1));
- if (!ONE.equals(q))
+ if (!((Double)1.0D).equals(q))
// replace assumed quality
_quality.set(_quality.size() - 1, q);
}
@@ -157,7 +160,7 @@ protected void sort()
{
_sorted=true;
- Double last = ZERO;
+ Double last = 0.0D;
int lastSecondaryOrder = Integer.MIN_VALUE;
for (int i = _values.size(); i-- > 0;)
@@ -172,7 +175,7 @@ protected void sort()
_values.set(i + 1, v);
_quality.set(i, _quality.get(i + 1));
_quality.set(i + 1, q);
- last = ZERO;
+ last = 0.0D;
lastSecondaryOrder=0;
i = _values.size();
continue;
@@ -183,7 +186,7 @@ protected void sort()
}
int last_element=_quality.size();
- while(last_element>0 && _quality.get(--last_element).equals(ZERO))
+ while(last_element>0 && _quality.get(--last_element).equals(0.0D))
{
_quality.remove(last_element);
_values.remove(last_element);
diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/QuotedQualityCSVTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/QuotedQualityCSVTest.java
index ba0db4a8972..f03657ba3e5 100644
--- a/jetty-http/src/test/java/org/eclipse/jetty/http/QuotedQualityCSVTest.java
+++ b/jetty-http/src/test/java/org/eclipse/jetty/http/QuotedQualityCSVTest.java
@@ -61,7 +61,7 @@ public void test7231_5_3_2_example3()
@Test
public void test7231_5_3_2_example3_most_specific()
{
- QuotedQualityCSV values = new QuotedQualityCSV(QuotedQualityCSV.MOST_SPECIFIC);
+ QuotedQualityCSV values = new QuotedQualityCSV(QuotedQualityCSV.MOST_SPECIFIC_MIME_ORDERING);
values.addValue("text/*, text/plain, text/plain;format=flowed, */*");
assertThat(values,Matchers.contains("text/plain;format=flowed","text/plain","text/*","*/*"));
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java
index 84088146cd3..2820dca3a0c 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ErrorHandler.java
@@ -38,6 +38,7 @@
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.MimeTypes;
+import org.eclipse.jetty.http.QuotedQualityCSV;
import org.eclipse.jetty.server.Dispatcher;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
@@ -159,7 +160,7 @@ else if (old_error_page!=null && old_error_page.equals(error_page))
protected void generateAcceptableResponse(Request baseRequest, HttpServletRequest request, HttpServletResponse response, int code, String message)
throws IOException
{
- List<String> acceptable=baseRequest.getHttpFields().getQualityCSV(HttpHeader.ACCEPT);
+ List<String> acceptable=baseRequest.getHttpFields().getQualityCSV(HttpHeader.ACCEPT, QuotedQualityCSV.MOST_SPECIFIC_MIME_ORDERING);
if (acceptable.isEmpty() && !baseRequest.getHttpFields().contains(HttpHeader.ACCEPT))
{
From b925380ede948ab7d8757e95a0ce384b2441625b Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Fri, 1 Mar 2019 10:20:10 +1100
Subject: [PATCH 3/4] Issue #3404 Updated QCSV Double usage
Signed-off-by: Greg Wilkins <gregw@webtide.com>
---
.../src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
index 498d4e01491..a7407d34199 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
@@ -134,7 +134,7 @@ else if (paramValue >= 0 &&
}
buffer.setLength(Math.max(0, paramName - 1));
- if (!((Double)1.0D).equals(q))
+ if (q!=1.0D)
// replace assumed quality
_quality.set(_quality.size() - 1, q);
}
From 69f6b3b6164228485744918a28ab6a0d4c3facae Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Tue, 5 Mar 2019 08:59:55 +1100
Subject: [PATCH 4/4] Issue #3404
updates after review:
+ use ToIntFunction
+ reformat
Signed-off-by: Greg Wilkins <gregw@webtide.com>
---
.../org/eclipse/jetty/http/HttpFields.java | 4 +-
.../eclipse/jetty/http/QuotedQualityCSV.java | 62 +++++++++++--------
2 files changed, 37 insertions(+), 29 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java
index 5a8b53013a7..395b87bde35 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpFields.java
@@ -31,7 +31,7 @@
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.StringTokenizer;
-import java.util.function.Function;
+import java.util.function.ToIntFunction;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
@@ -450,7 +450,7 @@ protected String addCSV(QuotedCSV existing,String... values)
* @param secondaryOrdering Function to apply an ordering other than specified by quality
* @return List the values in quality order with the q param and OWS stripped
*/
- public List<String> getQualityCSV(HttpHeader header, Function<String, Integer> secondaryOrdering)
+ public List<String> getQualityCSV(HttpHeader header, ToIntFunction<String> secondaryOrdering)
{
QuotedQualityCSV values = null;
for (HttpField f : this)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
index a7407d34199..d148d9e65e1 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/QuotedQualityCSV.java
@@ -18,21 +18,23 @@
package org.eclipse.jetty.http;
-import static java.lang.Integer.MIN_VALUE;
-
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import java.util.function.Function;
+import java.util.function.ToIntFunction;
import org.eclipse.jetty.util.log.Log;
+import static java.lang.Integer.MIN_VALUE;
+
/* ------------------------------------------------------------ */
+
/**
* Implements a quoted comma separated list of quality values
* in accordance with RFC7230 and RFC7231.
- * Values are returned sorted in quality order, with OWS and the
+ * Values are returned sorted in quality order, with OWS and the
* quality parameters removed.
+ *
* @see "https://tools.ietf.org/html/rfc7230#section-3.2.6"
* @see "https://tools.ietf.org/html/rfc7230#section-7"
* @see "https://tools.ietf.org/html/rfc7231#section-5.3.1"
@@ -41,44 +43,48 @@
{
/**
* Lambda to apply a most specific MIME encoding secondary ordering.
+ *
* @see "https://tools.ietf.org/html/rfc7231#section-5.3.2"
*/
- public static Function<String, Integer> MOST_SPECIFIC_MIME_ORDERING = s ->
+ public static ToIntFunction<String> MOST_SPECIFIC_MIME_ORDERING = s ->
{
if ("*/*".equals(s))
return 0;
if (s.endsWith("/*"))
return 1;
- if (s.indexOf(';')<0)
+ if (s.indexOf(';') < 0)
return 2;
return 3;
};
-
+
private final List<Double> _quality = new ArrayList<>();
private boolean _sorted = false;
- private final Function<String, Integer> _secondaryOrdering;
-
+ private final ToIntFunction<String> _secondaryOrdering;
+
/* ------------------------------------------------------------ */
+
/**
* Sorts values with equal quality according to the length of the value String.
*/
public QuotedQualityCSV()
{
- this((Function)null);
+ this((ToIntFunction)null);
}
/* ------------------------------------------------------------ */
+
/**
* Sorts values with equal quality according to given order.
+ *
* @param preferredOrder Array indicating the preferred order of known values
*/
public QuotedQualityCSV(String[] preferredOrder)
{
this((s) ->
{
- for (int i=0;i<preferredOrder.length;++i)
+ for (int i = 0; i < preferredOrder.length; ++i)
if (preferredOrder[i].equals(s))
- return preferredOrder.length-i;
+ return preferredOrder.length - i;
if ("*".equals(s))
return preferredOrder.length;
@@ -88,15 +94,17 @@ public QuotedQualityCSV(String[] preferredOrder)
}
/* ------------------------------------------------------------ */
+
/**
* Orders values with equal quality with the given function.
+ *
* @param secondaryOrdering Function to apply an ordering other than specified by quality
*/
- public QuotedQualityCSV(Function<String, Integer> secondaryOrdering)
+ public QuotedQualityCSV(ToIntFunction<String> secondaryOrdering)
{
- this._secondaryOrdering = secondaryOrdering == null ? s->0 : secondaryOrdering;
+ this._secondaryOrdering = secondaryOrdering == null ? s -> 0 : secondaryOrdering;
}
-
+
/* ------------------------------------------------------------ */
@Override
protected void parsedValue(StringBuffer buffer)
@@ -134,7 +142,7 @@ else if (paramValue >= 0 &&
}
buffer.setLength(Math.max(0, paramName - 1));
- if (q!=1.0D)
+ if (q != 1.0D)
// replace assumed quality
_quality.set(_quality.size() - 1, q);
}
@@ -147,7 +155,7 @@ else if (paramValue >= 0 &&
sort();
return _values;
}
-
+
@Override
public Iterator<String> iterator()
{
@@ -158,35 +166,35 @@ else if (paramValue >= 0 &&
protected void sort()
{
- _sorted=true;
+ _sorted = true;
Double last = 0.0D;
int lastSecondaryOrder = Integer.MIN_VALUE;
- for (int i = _values.size(); i-- > 0;)
+ for (int i = _values.size(); i-- > 0; )
{
String v = _values.get(i);
Double q = _quality.get(i);
- int compare=last.compareTo(q);
- if (compare>0 || (compare==0 && _secondaryOrdering.apply(v)<lastSecondaryOrder))
+ int compare = last.compareTo(q);
+ if (compare > 0 || (compare == 0 && _secondaryOrdering.applyAsInt(v) < lastSecondaryOrder))
{
_values.set(i, _values.get(i + 1));
_values.set(i + 1, v);
_quality.set(i, _quality.get(i + 1));
_quality.set(i + 1, q);
last = 0.0D;
- lastSecondaryOrder=0;
+ lastSecondaryOrder = 0;
i = _values.size();
continue;
}
- last=q;
- lastSecondaryOrder=_secondaryOrdering.apply(v);
+ last = q;
+ lastSecondaryOrder = _secondaryOrdering.applyAsInt(v);
}
-
- int last_element=_quality.size();
- while(last_element>0 && _quality.get(--last_element).equals(0.0D))
+
+ int last_element = _quality.size();
+ while (last_element > 0 && _quality.get(--last_element).equals(0.0D))
{
_quality.remove(last_element);
_values.remove(last_element);

692
CVE-2020-27223-pre-2.patch
View File

@ -1,692 +0,0 @@
From 05072b34dce43064e87ad0d59065f14666c1f34e Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Wed, 8 May 2019 13:28:16 +0200
Subject: [PATCH] Issue #3630 Forwarded-Port
Added support for the X-Forwarded-Port header.
Reimplemented header scanning using more efficient Trie and MethodHandles
Signed-off-by: Greg Wilkins <gregw@webtide.com>
---
.../eclipse/jetty/http/HostPortHttpField.java | 13 +
.../org/eclipse/jetty/http/HttpHeader.java | 1 +
.../main/config/etc/jetty-http-forwarded.xml | 1 +
.../main/config/modules/http-forwarded.mod | 1 +
.../server/ForwardedRequestCustomizer.java | 274 +++++++++++++-----
.../ForwardedRequestCustomizerTest.java | 27 +-
.../java/org/eclipse/jetty/util/HostPort.java | 30 +-
.../org/eclipse/jetty/util/HostPortTest.java | 13 +-
8 files changed, 269 insertions(+), 91 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HostPortHttpField.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HostPortHttpField.java
index 215c353b4b9..dc386665339 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HostPortHttpField.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HostPortHttpField.java
@@ -49,6 +49,19 @@ protected HostPortHttpField(HttpHeader header, String name, String authority)
}
}
+ /* ------------------------------------------------------------ */
+ public HostPortHttpField(String host, int port)
+ {
+ this(new HostPort(host, port));
+ }
+
+ /* ------------------------------------------------------------ */
+ protected HostPortHttpField(HostPort hostport)
+ {
+ super(HttpHeader.HOST,HttpHeader.HOST.asString(),hostport.toString());
+ _hostPort = hostport;
+ }
+
/* ------------------------------------------------------------ */
/** Get the host.
* @return the host
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpHeader.java b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpHeader.java
index f39c0f7df98..ac6bf2be8da 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/HttpHeader.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/HttpHeader.java
@@ -82,6 +82,7 @@
TE("TE"),
USER_AGENT("User-Agent"),
X_FORWARDED_FOR("X-Forwarded-For"),
+ X_FORWARDED_PORT("X-Forwarded-Port"),
X_FORWARDED_PROTO("X-Forwarded-Proto"),
X_FORWARDED_SERVER("X-Forwarded-Server"),
X_FORWARDED_HOST("X-Forwarded-Host"),
diff --git a/jetty-server/src/main/config/etc/jetty-http-forwarded.xml b/jetty-server/src/main/config/etc/jetty-http-forwarded.xml
index 50b80976a2a..648d6c6a94f 100644
--- a/jetty-server/src/main/config/etc/jetty-http-forwarded.xml
+++ b/jetty-server/src/main/config/etc/jetty-http-forwarded.xml
@@ -11,6 +11,7 @@
<Set name="forwardedServerHeader"><Property name="jetty.httpConfig.forwardedServerHeader" default="X-Forwarded-Server"/></Set>
<Set name="forwardedProtoHeader"><Property name="jetty.httpConfig.forwardedProtoHeader" default="X-Forwarded-Proto"/></Set>
<Set name="forwardedForHeader"><Property name="jetty.httpConfig.forwardedForHeader" default="X-Forwarded-For"/></Set>
+ <Set name="forwardedPortHeader"><Property name="jetty.httpConfig.forwardedPortHeader" default="X-Forwarded-Port"/></Set>
<Set name="forwardedHttpsHeader"><Property name="jetty.httpConfig.forwardedHttpsHeader" default="X-Proxied-Https"/></Set>
<Set name="forwardedSslSessionIdHeader"><Property name="jetty.httpConfig.forwardedSslSessionIdHeader" default="Proxy-ssl-id" /></Set>
<Set name="forwardedCipherSuiteHeader"><Property name="jetty.httpConfig.forwardedCipherSuiteHeader" default="Proxy-auth-cert"/></Set>
diff --git a/jetty-server/src/main/config/modules/http-forwarded.mod b/jetty-server/src/main/config/modules/http-forwarded.mod
index 34e25642b2c..f67822065a4 100644
--- a/jetty-server/src/main/config/modules/http-forwarded.mod
+++ b/jetty-server/src/main/config/modules/http-forwarded.mod
@@ -23,6 +23,7 @@ etc/jetty-http-forwarded.xml
# jetty.httpConfig.forwardedServerHeader=X-Forwarded-Server
# jetty.httpConfig.forwardedProtoHeader=X-Forwarded-Proto
# jetty.httpConfig.forwardedForHeader=X-Forwarded-For
+# jetty.httpConfig.forwardedPortHeader=X-Forwarded-Port
# jetty.httpConfig.forwardedHttpsHeader=X-Proxied-Https
# jetty.httpConfig.forwardedSslSessionIdHeader=Proxy-ssl-id
# jetty.httpConfig.forwardedCipherSuiteHeader=Proxy-auth-cert
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java b/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
index f2ffe24fb85..1e64892cbe9 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
@@ -18,6 +18,9 @@
package org.eclipse.jetty.server;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
import java.net.InetSocketAddress;
import javax.servlet.ServletRequest;
@@ -29,11 +32,15 @@
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.QuotedCSV;
import org.eclipse.jetty.server.HttpConfiguration.Customizer;
+import org.eclipse.jetty.util.ArrayTrie;
import org.eclipse.jetty.util.HostPort;
import org.eclipse.jetty.util.StringUtil;
+import org.eclipse.jetty.util.Trie;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
+import static java.lang.invoke.MethodType.methodType;
+
/* ------------------------------------------------------------ */
/** Customize Requests for Proxy Forwarding.
@@ -63,14 +70,21 @@
private String _forwardedHeader = HttpHeader.FORWARDED.toString();
private String _forwardedHostHeader = HttpHeader.X_FORWARDED_HOST.toString();
private String _forwardedServerHeader = HttpHeader.X_FORWARDED_SERVER.toString();
- private String _forwardedForHeader = HttpHeader.X_FORWARDED_FOR.toString();
private String _forwardedProtoHeader = HttpHeader.X_FORWARDED_PROTO.toString();
+ private String _forwardedForHeader = HttpHeader.X_FORWARDED_FOR.toString();
+ private String _forwardedPortHeader = HttpHeader.X_FORWARDED_PORT.toString();
private String _forwardedHttpsHeader = "X-Proxied-Https";
private String _forwardedCipherSuiteHeader = "Proxy-auth-cert";
private String _forwardedSslSessionIdHeader = "Proxy-ssl-id";
private boolean _proxyAsAuthority=false;
private boolean _sslIsSecure=true;
-
+ private Trie <MethodHandle> _handles;
+
+ public ForwardedRequestCustomizer()
+ {
+ updateHandles();
+ }
+
/**
* @return true if the proxy address obtained via
* {@code X-Forwarded-Server} or RFC7239 "by" is used as
@@ -103,9 +117,9 @@ public void setForwardedOnly(boolean rfc7239only)
if (_forwardedHeader==null)
_forwardedHeader=HttpHeader.FORWARDED.toString();
_forwardedHostHeader=null;
- _forwardedHostHeader=null;
_forwardedServerHeader=null;
_forwardedForHeader=null;
+ _forwardedPortHeader=null;
_forwardedProtoHeader=null;
_forwardedHttpsHeader=null;
}
@@ -117,11 +131,15 @@ public void setForwardedOnly(boolean rfc7239only)
_forwardedServerHeader = HttpHeader.X_FORWARDED_SERVER.toString();
if (_forwardedForHeader==null)
_forwardedForHeader = HttpHeader.X_FORWARDED_FOR.toString();
+ if (_forwardedPortHeader==null)
+ _forwardedPortHeader = HttpHeader.X_FORWARDED_PORT.toString();
if (_forwardedProtoHeader==null)
_forwardedProtoHeader = HttpHeader.X_FORWARDED_PROTO.toString();
if (_forwardedHttpsHeader==null)
_forwardedHttpsHeader = "X-Proxied-Https";
}
+
+ updateHandles();
}
public String getForcedHost()
@@ -138,6 +156,7 @@ public String getForcedHost()
public void setForcedHost(String hostAndPort)
{
_forcedHost = new HostPortHttpField(hostAndPort);
+ updateHandles();
}
/**
@@ -155,6 +174,7 @@ public String getForwardedHeader()
public void setForwardedHeader(String forwardedHeader)
{
_forwardedHeader = forwardedHeader;
+ updateHandles();
}
public String getForwardedHostHeader()
@@ -169,6 +189,7 @@ public String getForwardedHostHeader()
public void setForwardedHostHeader(String forwardedHostHeader)
{
_forwardedHostHeader = forwardedHostHeader;
+ updateHandles();
}
/**
@@ -186,6 +207,7 @@ public String getForwardedServerHeader()
public void setForwardedServerHeader(String forwardedServerHeader)
{
_forwardedServerHeader = forwardedServerHeader;
+ updateHandles();
}
/**
@@ -203,6 +225,22 @@ public String getForwardedForHeader()
public void setForwardedForHeader(String forwardedRemoteAddressHeader)
{
_forwardedForHeader = forwardedRemoteAddressHeader;
+ updateHandles();
+ }
+
+ public String getForwardedPortHeader()
+ {
+ return _forwardedHostHeader;
+ }
+
+ /**
+ * @param forwardedPortHeader
+ * The header name for forwarded hosts (default {@code X-Forwarded-Port})
+ */
+ public void setForwardedPortHeader(String forwardedPortHeader)
+ {
+ _forwardedHostHeader = forwardedPortHeader;
+ updateHandles();
}
/**
@@ -224,6 +262,7 @@ public String getForwardedProtoHeader()
public void setForwardedProtoHeader(String forwardedProtoHeader)
{
_forwardedProtoHeader = forwardedProtoHeader;
+ updateHandles();
}
/**
@@ -241,6 +280,7 @@ public String getForwardedCipherSuiteHeader()
public void setForwardedCipherSuiteHeader(String forwardedCipherSuite)
{
_forwardedCipherSuiteHeader = forwardedCipherSuite;
+ updateHandles();
}
/**
@@ -258,6 +298,7 @@ public String getForwardedSslSessionIdHeader()
public void setForwardedSslSessionIdHeader(String forwardedSslSessionId)
{
_forwardedSslSessionIdHeader = forwardedSslSessionId;
+ updateHandles();
}
/**
@@ -274,6 +315,7 @@ public String getForwardedHttpsHeader()
public void setForwardedHttpsHeader(String forwardedHttpsHeader)
{
_forwardedHttpsHeader = forwardedHttpsHeader;
+ updateHandles();
}
/**
@@ -299,118 +341,84 @@ public void customize(Connector connector, HttpConfiguration config, Request req
{
HttpFields httpFields = request.getHttpFields();
- RFC7239 rfc7239 = null;
- String forwardedHost = null;
- String forwardedServer = null;
- HostPort forwardedFor = null;
- String forwardedProto = null;
- String forwardedHttps = null;
-
// Do a single pass through the header fields as it is a more efficient single iteration.
- for (HttpField field : httpFields)
+ Forwarded forwarded = new Forwarded(request, config);
+ try
{
- String name = field.getName();
-
- if (getForwardedCipherSuiteHeader()!=null && getForwardedCipherSuiteHeader().equalsIgnoreCase(name))
+ for (HttpField field : httpFields)
{
- request.setAttribute("javax.servlet.request.cipher_suite",field.getValue());
- if (isSslIsSecure())
- {
- request.setSecure(true);
- request.setScheme(config.getSecureScheme());
- }
- }
-
- if (getForwardedSslSessionIdHeader()!=null && getForwardedSslSessionIdHeader().equalsIgnoreCase(name))
- {
- request.setAttribute("javax.servlet.request.ssl_session_id", field.getValue());
- if (isSslIsSecure())
- {
- request.setSecure(true);
- request.setScheme(config.getSecureScheme());
- }
- }
-
- if (forwardedHost==null && _forwardedHostHeader!=null && _forwardedHostHeader.equalsIgnoreCase(name))
- forwardedHost = getLeftMost(field.getValue());
-
- if (forwardedServer==null && _forwardedServerHeader!=null && _forwardedServerHeader.equalsIgnoreCase(name))
- forwardedServer = getLeftMost(field.getValue());
-
- if (forwardedFor==null && _forwardedForHeader!=null && _forwardedForHeader.equalsIgnoreCase(name))
- forwardedFor = getRemoteAddr(field.getValue());
-
- if (forwardedProto==null && _forwardedProtoHeader!=null && _forwardedProtoHeader.equalsIgnoreCase(name))
- forwardedProto = getLeftMost(field.getValue());
-
- if (forwardedHttps==null && _forwardedHttpsHeader!=null && _forwardedHttpsHeader.equalsIgnoreCase(name))
- forwardedHttps = getLeftMost(field.getValue());
-
- if (_forwardedHeader!=null && _forwardedHeader.equalsIgnoreCase(name))
- {
- if (rfc7239==null)
- rfc7239= new RFC7239();
- rfc7239.addValue(field.getValue());
+ MethodHandle handle = _handles.get(field.getName());
+ if (handle != null)
+ handle.invoke(forwarded, field);
}
}
-
- // Handle host header if if not available any RFC7230.by or X-ForwardedServer header
+ catch (Throwable e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ // Determine host
if (_forcedHost != null)
{
// Update host header
httpFields.put(_forcedHost);
request.setAuthority(_forcedHost.getHost(),_forcedHost.getPort());
}
- else if (rfc7239!=null && rfc7239._host!=null)
+ else if (forwarded._rfc7239!=null && forwarded._rfc7239._host!=null)
{
- HostPortHttpField auth = rfc7239._host;
+ HostPortHttpField auth = forwarded._rfc7239._host;
httpFields.put(auth);
request.setAuthority(auth.getHost(),auth.getPort());
}
- else if (forwardedHost != null)
+ else if (forwarded._forwardedHost != null)
{
- HostPortHttpField auth = new HostPortHttpField(forwardedHost);
+ HostPortHttpField auth = new HostPortHttpField(forwarded._forwardedHost);
httpFields.put(auth);
- request.setAuthority(auth.getHost(),auth.getPort());
+ request.setAuthority(auth.getHost(), auth.getPort());
}
else if (_proxyAsAuthority)
{
- if (rfc7239!=null && rfc7239._by!=null)
+ if (forwarded._rfc7239!=null && forwarded._rfc7239._by!=null)
{
- HostPortHttpField auth = rfc7239._by;
+ HostPortHttpField auth = forwarded._rfc7239._by;
httpFields.put(auth);
request.setAuthority(auth.getHost(),auth.getPort());
}
- else if (forwardedServer != null)
+ else if (forwarded._forwardedServer != null)
{
- request.setAuthority(forwardedServer,request.getServerPort());
+ request.setAuthority(forwarded._forwardedServer,request.getServerPort());
}
}
// handle remote end identifier
- if (rfc7239!=null && rfc7239._for!=null)
+ if (forwarded._rfc7239!=null && forwarded._rfc7239._for!=null)
{
- request.setRemoteAddr(InetSocketAddress.createUnresolved(rfc7239._for.getHost(),rfc7239._for.getPort()));
+ request.setRemoteAddr(InetSocketAddress.createUnresolved(forwarded._rfc7239._for.getHost(),forwarded._rfc7239._for.getPort()));
}
- else if (forwardedFor != null)
+ else if (forwarded._forwardedFor != null)
{
- request.setRemoteAddr(InetSocketAddress.createUnresolved(forwardedFor.getHost(), (forwardedFor.getPort() > 0) ? forwardedFor.getPort() : request.getRemotePort()));
+ int port = (forwarded._forwardedPort>0)
+ ? forwarded._forwardedPort
+ : (forwarded._forwardedFor.getPort() > 0)
+ ? forwarded._forwardedFor.getPort()
+ : request.getRemotePort();
+ request.setRemoteAddr(InetSocketAddress.createUnresolved(forwarded._forwardedFor.getHost(), port));
}
// handle protocol identifier
- if (rfc7239!=null && rfc7239._proto!=null)
+ if (forwarded._rfc7239!=null && forwarded._rfc7239._proto!=null)
{
- request.setScheme(rfc7239._proto);
- if (rfc7239._proto.equals(config.getSecureScheme()))
+ request.setScheme(forwarded._rfc7239._proto);
+ if (forwarded._rfc7239._proto.equals(config.getSecureScheme()))
request.setSecure(true);
}
- else if (forwardedProto != null)
+ else if (forwarded._forwardedProto != null)
{
- request.setScheme(forwardedProto);
- if (forwardedProto.equals(config.getSecureScheme()))
+ request.setScheme(forwarded._forwardedProto);
+ if (forwarded._forwardedProto.equals(config.getSecureScheme()))
request.setSecure(true);
}
- else if (forwardedHttps !=null && ("on".equalsIgnoreCase(forwardedHttps)||"true".equalsIgnoreCase(forwardedHttps)))
+ else if (forwarded._forwardedHttps !=null && ("on".equalsIgnoreCase(forwarded._forwardedHttps)||"true".equalsIgnoreCase(forwarded._forwardedHttps)))
{
request.setScheme(HttpScheme.HTTPS.asString());
if (HttpScheme.HTTPS.asString().equals(config.getSecureScheme()))
@@ -521,4 +529,122 @@ protected void parsedParam(StringBuffer buffer, int valueLength, int paramName,
}
}
}
+
+ private void updateHandles()
+ {
+ int size = 0;
+ MethodHandles.Lookup lookup = MethodHandles.lookup();
+ MethodType type = methodType(Void.TYPE, HttpField.class);
+
+ while(true)
+ {
+ try
+ {
+ size += 128;
+ _handles = new ArrayTrie<>(size);
+
+ if (_forwardedCipherSuiteHeader != null && !_handles.put(_forwardedCipherSuiteHeader, lookup.findVirtual(Forwarded.class, "handleCipherSuite", type)))
+ continue;
+ if (_forwardedSslSessionIdHeader != null && !_handles.put(_forwardedSslSessionIdHeader, lookup.findVirtual(Forwarded.class, "handleSslSessionId", type)))
+ continue;
+ if (_forwardedHeader != null && !_handles.put(_forwardedHeader, lookup.findVirtual(Forwarded.class, "handleRFC7239", type)))
+ continue;
+ if (_forwardedForHeader != null && !_handles.put(_forwardedForHeader, lookup.findVirtual(Forwarded.class, "handleFor", type)))
+ continue;
+ if (_forwardedPortHeader != null && !_handles.put(_forwardedPortHeader, lookup.findVirtual(Forwarded.class, "handlePort", type)))
+ continue;
+ if (_forwardedHostHeader != null && !_handles.put(_forwardedHostHeader, lookup.findVirtual(Forwarded.class, "handleHost", type)))
+ continue;
+ if (_forwardedProtoHeader != null && !_handles.put(_forwardedProtoHeader, lookup.findVirtual(Forwarded.class, "handleProto", type)))
+ continue;
+ if (_forwardedHttpsHeader != null && !_handles.put(_forwardedHttpsHeader, lookup.findVirtual(Forwarded.class, "handleHttps", type)))
+ continue;
+ if (_forwardedServerHeader != null && !_handles.put(_forwardedServerHeader, lookup.findVirtual(Forwarded.class, "handleServer", type)))
+ continue;
+ break;
+ }
+ catch (NoSuchMethodException|IllegalAccessException e)
+ {
+ throw new IllegalStateException(e);
+ }
+ }
+ }
+
+ private class Forwarded
+ {
+ HttpConfiguration _config;
+ Request _request;
+
+ RFC7239 _rfc7239 = null;
+ String _forwardedHost = null;
+ String _forwardedServer = null;
+ String _forwardedProto = null;
+ HostPort _forwardedFor = null;
+ int _forwardedPort = -1;
+ String _forwardedHttps = null;
+
+ public Forwarded(Request request, HttpConfiguration config)
+ {
+ _request = request;
+ _config = config;
+ }
+
+ public void handleCipherSuite(HttpField field)
+ {
+ _request.setAttribute("javax.servlet.request.cipher_suite",field.getValue());
+ if (isSslIsSecure())
+ {
+ _request.setSecure(true);
+ _request.setScheme(_config.getSecureScheme());
+ }
+ }
+
+ public void handleSslSessionId(HttpField field)
+ {
+ _request.setAttribute("javax.servlet.request.ssl_session_id", field.getValue());
+ if (isSslIsSecure())
+ {
+ _request.setSecure(true);
+ _request.setScheme(_config.getSecureScheme());
+ }
+ }
+
+ public void handleHost(HttpField field)
+ {
+ _forwardedHost = getLeftMost(field.getValue());
+ }
+
+ public void handleServer(HttpField field)
+ {
+ _forwardedServer = getLeftMost(field.getValue());
+ }
+
+ public void handleProto(HttpField field)
+ {
+ _forwardedProto = getLeftMost(field.getValue());
+ }
+
+ public void handleFor(HttpField field)
+ {
+ _forwardedFor = getRemoteAddr(field.getValue());
+ }
+
+ public void handlePort(HttpField field)
+ {
+ _forwardedPort = field.getIntValue();
+ }
+ public void handleHttps(HttpField field)
+ {
+ _forwardedHttps = getLeftMost(field.getValue());
+ }
+
+ public void handleRFC7239(HttpField field)
+ {
+ if (_rfc7239 ==null)
+ _rfc7239 = new RFC7239();
+ _rfc7239.addValue(field.getValue());
+ }
+
+
+ }
}
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
index 5d5467f73bd..0a1cecec0c2 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
@@ -18,11 +18,6 @@
package org.eclipse.jetty.server;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
import java.io.IOException;
import java.util.ArrayDeque;
import java.util.Deque;
@@ -41,6 +36,11 @@
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
public class ForwardedRequestCustomizerTest
{
private Server _server;
@@ -249,6 +249,23 @@ public void testForIpv6WithPort() throws Exception
assertEquals("1111",_results.poll());
}
+ @Test
+ public void testForIpv6AndPort() throws Exception
+ {
+ String response=_connector.getResponse(
+ "GET / HTTP/1.1\n"+
+ "Host: myhost\n"+
+ "X-Forwarded-For: 1:2:3:4:5:6:7:8\n"+
+ "X-Forwarded-Port: 2222\n"+
+ "\n");
+ assertThat(response, Matchers.containsString("200 OK"));
+ assertEquals("http",_results.poll());
+ assertEquals("myhost",_results.poll());
+ assertEquals("80",_results.poll());
+ assertEquals("[1:2:3:4:5:6:7:8]",_results.poll());
+ assertEquals("2222",_results.poll());
+ }
+
@Test
public void testLegacyProto() throws Exception
{
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/HostPort.java b/jetty-util/src/main/java/org/eclipse/jetty/util/HostPort.java
index 1824dd799d1..8fde487ae19 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/HostPort.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/HostPort.java
@@ -32,6 +32,12 @@
private final String _host;
private final int _port;
+ public HostPort(String host, int port) throws IllegalArgumentException
+ {
+ _host = host;
+ _port = port;
+ }
+
public HostPort(String authority) throws IllegalArgumentException
{
if (authority==null)
@@ -66,8 +72,16 @@ else if (authority.charAt(0)=='[')
int c = authority.lastIndexOf(':');
if (c>=0)
{
- _host=authority.substring(0,c);
- _port=StringUtil.toInt(authority,c+1);
+ if (c!=authority.indexOf(':'))
+ {
+ _host="[" + authority + "]";
+ _port=0;
+ }
+ else
+ {
+ _host = authority.substring(0, c);
+ _port = StringUtil.toInt(authority, c + 1);
+ }
}
else
{
@@ -93,7 +107,6 @@ else if (authority.charAt(0)=='[')
throw new IllegalArgumentException("Bad port");
}
- /* ------------------------------------------------------------ */
/** Get the host.
* @return the host
*/
@@ -102,7 +115,6 @@ public String getHost()
return _host;
}
- /* ------------------------------------------------------------ */
/** Get the port.
* @return the port
*/
@@ -111,7 +123,6 @@ public int getPort()
return _port;
}
- /* ------------------------------------------------------------ */
/** Get the port.
* @param defaultPort, the default port to return if a port is not specified
* @return the port
@@ -121,7 +132,14 @@ public int getPort(int defaultPort)
return _port>0?_port:defaultPort;
}
- /* ------------------------------------------------------------ */
+ @Override
+ public String toString()
+ {
+ if (_port>0)
+ return normalizeHost(_host) + ":" + _port;
+ return _host;
+ }
+
/** Normalize IPv6 address as per https://www.ietf.org/rfc/rfc2732.txt
* @param host A host name
* @return Host name surrounded by '[' and ']' as needed.
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/HostPortTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/HostPortTest.java
index 705bbbf6fa6..a700262cb90 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/HostPortTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/HostPortTest.java
@@ -18,17 +18,17 @@
package org.eclipse.jetty.util;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.is;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-
import java.util.stream.Stream;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
public class HostPortTest
{
private static Stream<Arguments> validAuthorityProvider()
@@ -41,7 +41,8 @@
Arguments.of("10.10.10.1", "10.10.10.1", null),
Arguments.of("10.10.10.1:80", "10.10.10.1", "80"),
Arguments.of("[0::0::0::1]", "[0::0::0::1]", null),
- Arguments.of("[0::0::0::1]:80", "[0::0::0::1]", "80")
+ Arguments.of("[0::0::0::1]:80", "[0::0::0::1]", "80"),
+ Arguments.of("0:1:2:3:4:5:6","[0:1:2:3:4:5:6]",null)
);
}

518
CVE-2020-27223-pre-3.patch
View File

@ -1,518 +0,0 @@
From 9f3b0223ab7e3159c4794e102f6b5e06dfc8710d Mon Sep 17 00:00:00 2001
From: Greg Wilkins <gregw@webtide.com>
Date: Wed, 8 May 2019 14:00:58 +0200
Subject: [PATCH] Issue #3630 Forwarded-Port
reformatted code
Avoid updating handles unless configuration is changed.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
---
.../server/ForwardedRequestCustomizer.java | 216 ++++++++++--------
1 file changed, 117 insertions(+), 99 deletions(-)
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java b/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
index 1e64892cbe9..be3990794ed 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
@@ -43,7 +43,9 @@
/* ------------------------------------------------------------ */
-/** Customize Requests for Proxy Forwarding.
+
+/**
+ * Customize Requests for Proxy Forwarding.
* <p>
* This customizer looks at at HTTP request for headers that indicate
* it has been forwarded by one or more proxies. Specifically handled are
@@ -59,7 +61,8 @@
* so that the proxy is not seen as the other end point of the connection on which
* the request came</p>
* <p>Headers can also be defined so that forwarded SSL Session IDs and Cipher
- * suites may be customised</p>
+ * suites may be customised</p>
+ *
* @see <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">Wikipedia: X-Forwarded-For</a>
*/
public class ForwardedRequestCustomizer implements Customizer
@@ -76,9 +79,9 @@
private String _forwardedHttpsHeader = "X-Proxied-Https";
private String _forwardedCipherSuiteHeader = "Proxy-auth-cert";
private String _forwardedSslSessionIdHeader = "Proxy-ssl-id";
- private boolean _proxyAsAuthority=false;
- private boolean _sslIsSecure=true;
- private Trie <MethodHandle> _handles;
+ private boolean _proxyAsAuthority = false;
+ private boolean _sslIsSecure = true;
+ private Trie<MethodHandle> _handles;
public ForwardedRequestCustomizer()
{
@@ -97,7 +100,7 @@ public boolean getProxyAsAuthority()
/**
* @param proxyAsAuthority if true, use the proxy address obtained via
- * {@code X-Forwarded-Server} or RFC7239 "by" as the request authority.
+ * {@code X-Forwarded-Server} or RFC7239 "by" as the request authority.
*/
public void setProxyAsAuthority(boolean proxyAsAuthority)
{
@@ -114,49 +117,47 @@ public void setForwardedOnly(boolean rfc7239only)
{
if (rfc7239only)
{
- if (_forwardedHeader==null)
- _forwardedHeader=HttpHeader.FORWARDED.toString();
- _forwardedHostHeader=null;
- _forwardedServerHeader=null;
- _forwardedForHeader=null;
- _forwardedPortHeader=null;
- _forwardedProtoHeader=null;
- _forwardedHttpsHeader=null;
+ if (_forwardedHeader == null)
+ _forwardedHeader = HttpHeader.FORWARDED.toString();
+ _forwardedHostHeader = null;
+ _forwardedServerHeader = null;
+ _forwardedForHeader = null;
+ _forwardedPortHeader = null;
+ _forwardedProtoHeader = null;
+ _forwardedHttpsHeader = null;
}
else
{
- if (_forwardedHostHeader==null)
+ if (_forwardedHostHeader == null)
_forwardedHostHeader = HttpHeader.X_FORWARDED_HOST.toString();
- if (_forwardedServerHeader==null)
+ if (_forwardedServerHeader == null)
_forwardedServerHeader = HttpHeader.X_FORWARDED_SERVER.toString();
- if (_forwardedForHeader==null)
+ if (_forwardedForHeader == null)
_forwardedForHeader = HttpHeader.X_FORWARDED_FOR.toString();
- if (_forwardedPortHeader==null)
+ if (_forwardedPortHeader == null)
_forwardedPortHeader = HttpHeader.X_FORWARDED_PORT.toString();
- if (_forwardedProtoHeader==null)
+ if (_forwardedProtoHeader == null)
_forwardedProtoHeader = HttpHeader.X_FORWARDED_PROTO.toString();
- if (_forwardedHttpsHeader==null)
+ if (_forwardedHttpsHeader == null)
_forwardedHttpsHeader = "X-Proxied-Https";
}
updateHandles();
}
-
+
public String getForcedHost()
{
return _forcedHost.getValue();
}
-
+
/**
* Set a forced valued for the host header to control what is returned by {@link ServletRequest#getServerName()} and {@link ServletRequest#getServerPort()}.
*
- * @param hostAndPort
- * The value of the host header to force.
+ * @param hostAndPort The value of the host header to force.
*/
public void setForcedHost(String hostAndPort)
{
_forcedHost = new HostPortHttpField(hostAndPort);
- updateHandles();
}
/**
@@ -168,13 +169,15 @@ public String getForwardedHeader()
}
/**
- * @param forwardedHeader
- * The header name for RFC forwarded (default Forwarded)
+ * @param forwardedHeader The header name for RFC forwarded (default Forwarded)
*/
public void setForwardedHeader(String forwardedHeader)
{
- _forwardedHeader = forwardedHeader;
- updateHandles();
+ if (_forwardedHeader == null || !_forwardedHeader.equals(forwardedHeader))
+ {
+ _forwardedHeader = forwardedHeader;
+ updateHandles();
+ }
}
public String getForwardedHostHeader()
@@ -183,13 +186,15 @@ public String getForwardedHostHeader()
}
/**
- * @param forwardedHostHeader
- * The header name for forwarded hosts (default {@code X-Forwarded-Host})
+ * @param forwardedHostHeader The header name for forwarded hosts (default {@code X-Forwarded-Host})
*/
public void setForwardedHostHeader(String forwardedHostHeader)
{
- _forwardedHostHeader = forwardedHostHeader;
- updateHandles();
+ if (_forwardedHostHeader == null || !_forwardedHostHeader.equalsIgnoreCase(forwardedHostHeader))
+ {
+ _forwardedHostHeader = forwardedHostHeader;
+ updateHandles();
+ }
}
/**
@@ -201,13 +206,15 @@ public String getForwardedServerHeader()
}
/**
- * @param forwardedServerHeader
- * The header name for forwarded server (default {@code X-Forwarded-Server})
+ * @param forwardedServerHeader The header name for forwarded server (default {@code X-Forwarded-Server})
*/
public void setForwardedServerHeader(String forwardedServerHeader)
{
- _forwardedServerHeader = forwardedServerHeader;
- updateHandles();
+ if (_forwardedServerHeader == null || !_forwardedServerHeader.equalsIgnoreCase(forwardedServerHeader))
+ {
+ _forwardedServerHeader = forwardedServerHeader;
+ updateHandles();
+ }
}
/**
@@ -219,13 +226,15 @@ public String getForwardedForHeader()
}
/**
- * @param forwardedRemoteAddressHeader
- * The header name for forwarded for (default {@code X-Forwarded-For})
+ * @param forwardedRemoteAddressHeader The header name for forwarded for (default {@code X-Forwarded-For})
*/
public void setForwardedForHeader(String forwardedRemoteAddressHeader)
{
- _forwardedForHeader = forwardedRemoteAddressHeader;
- updateHandles();
+ if (_forwardedForHeader == null || !_forwardedForHeader.equalsIgnoreCase(forwardedRemoteAddressHeader))
+ {
+ _forwardedForHeader = forwardedRemoteAddressHeader;
+ updateHandles();
+ }
}
public String getForwardedPortHeader()
@@ -234,13 +243,15 @@ public String getForwardedPortHeader()
}
/**
- * @param forwardedPortHeader
- * The header name for forwarded hosts (default {@code X-Forwarded-Port})
+ * @param forwardedPortHeader The header name for forwarded hosts (default {@code X-Forwarded-Port})
*/
public void setForwardedPortHeader(String forwardedPortHeader)
{
- _forwardedHostHeader = forwardedPortHeader;
- updateHandles();
+ if (_forwardedHostHeader == null || !_forwardedHostHeader.equalsIgnoreCase(forwardedPortHeader))
+ {
+ _forwardedHostHeader = forwardedPortHeader;
+ updateHandles();
+ }
}
/**
@@ -256,13 +267,15 @@ public String getForwardedProtoHeader()
/**
* Set the forwardedProtoHeader.
*
- * @param forwardedProtoHeader
- * the forwardedProtoHeader to set (default {@code X-Forwarded-Proto})
+ * @param forwardedProtoHeader the forwardedProtoHeader to set (default {@code X-Forwarded-Proto})
*/
public void setForwardedProtoHeader(String forwardedProtoHeader)
{
- _forwardedProtoHeader = forwardedProtoHeader;
- updateHandles();
+ if (_forwardedProtoHeader == null || !_forwardedProtoHeader.equalsIgnoreCase(forwardedProtoHeader))
+ {
+ _forwardedProtoHeader = forwardedProtoHeader;
+ updateHandles();
+ }
}
/**
@@ -274,13 +287,15 @@ public String getForwardedCipherSuiteHeader()
}
/**
- * @param forwardedCipherSuite
- * The header name holding a forwarded cipher suite (default {@code Proxy-auth-cert})
+ * @param forwardedCipherSuiteHeader The header name holding a forwarded cipher suite (default {@code Proxy-auth-cert})
*/
- public void setForwardedCipherSuiteHeader(String forwardedCipherSuite)
+ public void setForwardedCipherSuiteHeader(String forwardedCipherSuiteHeader)
{
- _forwardedCipherSuiteHeader = forwardedCipherSuite;
- updateHandles();
+ if (_forwardedCipherSuiteHeader == null || !_forwardedCipherSuiteHeader.equalsIgnoreCase(forwardedCipherSuiteHeader))
+ {
+ _forwardedCipherSuiteHeader = forwardedCipherSuiteHeader;
+ updateHandles();
+ }
}
/**
@@ -292,13 +307,15 @@ public String getForwardedSslSessionIdHeader()
}
/**
- * @param forwardedSslSessionId
- * The header name holding a forwarded SSL Session ID (default {@code Proxy-ssl-id})
+ * @param forwardedSslSessionIdHeader The header name holding a forwarded SSL Session ID (default {@code Proxy-ssl-id})
*/
- public void setForwardedSslSessionIdHeader(String forwardedSslSessionId)
+ public void setForwardedSslSessionIdHeader(String forwardedSslSessionIdHeader)
{
- _forwardedSslSessionIdHeader = forwardedSslSessionId;
- updateHandles();
+ if (_forwardedSslSessionIdHeader == null || !_forwardedSslSessionIdHeader.equalsIgnoreCase(forwardedSslSessionIdHeader))
+ {
+ _forwardedSslSessionIdHeader = forwardedSslSessionIdHeader;
+ updateHandles();
+ }
}
/**
@@ -314,10 +331,13 @@ public String getForwardedHttpsHeader()
*/
public void setForwardedHttpsHeader(String forwardedHttpsHeader)
{
- _forwardedHttpsHeader = forwardedHttpsHeader;
- updateHandles();
+ if (_forwardedHttpsHeader == null || !_forwardedHttpsHeader.equalsIgnoreCase(forwardedHttpsHeader))
+ {
+ _forwardedHttpsHeader = forwardedHttpsHeader;
+ updateHandles();
+ }
}
-
+
/**
* @return true if the presence of a SSL session or certificate header is sufficient
* to indicate a secure request (default is true)
@@ -329,7 +349,7 @@ public boolean isSslIsSecure()
/**
* @param sslIsSecure true if the presence of a SSL session or certificate header is sufficient
- * to indicate a secure request (default is true)
+ * to indicate a secure request (default is true)
*/
public void setSslIsSecure(boolean sslIsSecure)
{
@@ -362,13 +382,13 @@ public void customize(Connector connector, HttpConfiguration config, Request req
{
// Update host header
httpFields.put(_forcedHost);
- request.setAuthority(_forcedHost.getHost(),_forcedHost.getPort());
+ request.setAuthority(_forcedHost.getHost(), _forcedHost.getPort());
}
- else if (forwarded._rfc7239!=null && forwarded._rfc7239._host!=null)
+ else if (forwarded._rfc7239 != null && forwarded._rfc7239._host != null)
{
HostPortHttpField auth = forwarded._rfc7239._host;
httpFields.put(auth);
- request.setAuthority(auth.getHost(),auth.getPort());
+ request.setAuthority(auth.getHost(), auth.getPort());
}
else if (forwarded._forwardedHost != null)
{
@@ -378,26 +398,26 @@ else if (forwarded._forwardedHost != null)
}
else if (_proxyAsAuthority)
{
- if (forwarded._rfc7239!=null && forwarded._rfc7239._by!=null)
+ if (forwarded._rfc7239 != null && forwarded._rfc7239._by != null)
{
HostPortHttpField auth = forwarded._rfc7239._by;
httpFields.put(auth);
- request.setAuthority(auth.getHost(),auth.getPort());
+ request.setAuthority(auth.getHost(), auth.getPort());
}
else if (forwarded._forwardedServer != null)
{
- request.setAuthority(forwarded._forwardedServer,request.getServerPort());
+ request.setAuthority(forwarded._forwardedServer, request.getServerPort());
}
}
// handle remote end identifier
- if (forwarded._rfc7239!=null && forwarded._rfc7239._for!=null)
+ if (forwarded._rfc7239 != null && forwarded._rfc7239._for != null)
{
- request.setRemoteAddr(InetSocketAddress.createUnresolved(forwarded._rfc7239._for.getHost(),forwarded._rfc7239._for.getPort()));
+ request.setRemoteAddr(InetSocketAddress.createUnresolved(forwarded._rfc7239._for.getHost(), forwarded._rfc7239._for.getPort()));
}
else if (forwarded._forwardedFor != null)
{
- int port = (forwarded._forwardedPort>0)
+ int port = (forwarded._forwardedPort > 0)
? forwarded._forwardedPort
: (forwarded._forwardedFor.getPort() > 0)
? forwarded._forwardedFor.getPort()
@@ -406,7 +426,7 @@ else if (forwarded._forwardedFor != null)
}
// handle protocol identifier
- if (forwarded._rfc7239!=null && forwarded._rfc7239._proto!=null)
+ if (forwarded._rfc7239 != null && forwarded._rfc7239._proto != null)
{
request.setScheme(forwarded._rfc7239._proto);
if (forwarded._rfc7239._proto.equals(config.getSecureScheme()))
@@ -418,7 +438,7 @@ else if (forwarded._forwardedProto != null)
if (forwarded._forwardedProto.equals(config.getSecureScheme()))
request.setSecure(true);
}
- else if (forwarded._forwardedHttps !=null && ("on".equalsIgnoreCase(forwarded._forwardedHttps)||"true".equalsIgnoreCase(forwarded._forwardedHttps)))
+ else if (forwarded._forwardedHttps != null && ("on".equalsIgnoreCase(forwarded._forwardedHttps) || "true".equalsIgnoreCase(forwarded._forwardedHttps)))
{
request.setScheme(HttpScheme.HTTPS.asString());
if (HttpScheme.HTTPS.asString().equals(config.getSecureScheme()))
@@ -441,7 +461,7 @@ protected String getLeftMost(String headerValue)
}
// The left-most value is the farthest downstream client
- return headerValue.substring(0,commaIndex).trim();
+ return headerValue.substring(0, commaIndex).trim();
}
protected HostPort getRemoteAddr(String headerValue)
@@ -463,11 +483,11 @@ protected HostPort getRemoteAddr(String headerValue)
return null;
}
}
-
+
@Override
public String toString()
{
- return String.format("%s@%x",this.getClass().getSimpleName(),hashCode());
+ return String.format("%s@%x", this.getClass().getSimpleName(), hashCode());
}
@Deprecated
@@ -475,12 +495,11 @@ public String getHostHeader()
{
return _forcedHost.getValue();
}
-
+
/**
* Set a forced valued for the host header to control what is returned by {@link ServletRequest#getServerName()} and {@link ServletRequest#getServerPort()}.
*
- * @param hostHeader
- * The value of the host header to force.
+ * @param hostHeader The value of the host header to force.
*/
@Deprecated
public void setHostHeader(String hostHeader)
@@ -494,7 +513,7 @@ public void setHostHeader(String hostHeader)
HostPortHttpField _for;
HostPortHttpField _host;
String _proto;
-
+
private RFC7239()
{
super(false);
@@ -503,27 +522,27 @@ private RFC7239()
@Override
protected void parsedParam(StringBuffer buffer, int valueLength, int paramName, int paramValue)
{
- if (valueLength==0 && paramValue>paramName)
+ if (valueLength == 0 && paramValue > paramName)
{
- String name=StringUtil.asciiToLowerCase(buffer.substring(paramName,paramValue-1));
- String value=buffer.substring(paramValue);
- switch(name)
+ String name = StringUtil.asciiToLowerCase(buffer.substring(paramName, paramValue - 1));
+ String value = buffer.substring(paramValue);
+ switch (name)
{
case "by":
- if (_by==null && !value.startsWith("_") && !"unknown".equals(value))
- _by=new HostPortHttpField(value);
+ if (_by == null && !value.startsWith("_") && !"unknown".equals(value))
+ _by = new HostPortHttpField(value);
break;
case "for":
- if (_for==null && !value.startsWith("_") && !"unknown".equals(value))
- _for=new HostPortHttpField(value);
+ if (_for == null && !value.startsWith("_") && !"unknown".equals(value))
+ _for = new HostPortHttpField(value);
break;
case "host":
- if (_host==null)
- _host=new HostPortHttpField(value);
+ if (_host == null)
+ _host = new HostPortHttpField(value);
break;
case "proto":
- if (_proto==null)
- _proto=value;
+ if (_proto == null)
+ _proto = value;
break;
}
}
@@ -536,7 +555,7 @@ private void updateHandles()
MethodHandles.Lookup lookup = MethodHandles.lookup();
MethodType type = methodType(Void.TYPE, HttpField.class);
- while(true)
+ while (true)
{
try
{
@@ -563,7 +582,7 @@ private void updateHandles()
continue;
break;
}
- catch (NoSuchMethodException|IllegalAccessException e)
+ catch (NoSuchMethodException | IllegalAccessException e)
{
throw new IllegalStateException(e);
}
@@ -591,7 +610,7 @@ public Forwarded(Request request, HttpConfiguration config)
public void handleCipherSuite(HttpField field)
{
- _request.setAttribute("javax.servlet.request.cipher_suite",field.getValue());
+ _request.setAttribute("javax.servlet.request.cipher_suite", field.getValue());
if (isSslIsSecure())
{
_request.setSecure(true);
@@ -633,6 +652,7 @@ public void handlePort(HttpField field)
{
_forwardedPort = field.getIntValue();
}
+
public void handleHttps(HttpField field)
{
_forwardedHttps = getLeftMost(field.getValue());
@@ -640,11 +660,9 @@ public void handleHttps(HttpField field)
public void handleRFC7239(HttpField field)
{
- if (_rfc7239 ==null)
+ if (_rfc7239 == null)
_rfc7239 = new RFC7239();
_rfc7239.addValue(field.getValue());
}
-
-
}
}

1167
CVE-2020-27223-pre-4.patch
View File

File diff suppressed because it is too large Load Diff

1148
CVE-2020-27223.patch Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

36
CVE-2021-28165-1.patch
View File

@ -1,36 +0,0 @@
From 00d379c94ba865dced2025c2d1bc3e2e0e41e880 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Date: Thu, 18 Mar 2021 08:08:55 -0500
Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
length > 17408.
Avoid spinning if the input buffer is full.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
---
.../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index bc2431d..b2482e7 100644
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -603,7 +603,13 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
case BUFFER_UNDERFLOW:
if (net_filled > 0)
- continue; // try filling some more
+ {
+ if (BufferUtil.space(_encryptedInput) > 0)
+ continue; // try filling some more
+ BufferUtil.clear(_encryptedInput);
+ throw new SSLHandshakeException("Encrypted buffer max length exceeded");
+ }
+
_underflown = true;
if (net_filled < 0 && _sslEngine.getUseClientMode())
{
--
2.23.0

39
CVE-2021-28165-2.patch
View File

@ -1,39 +0,0 @@
From 294b2ba02b667548617a94cd99592110ac230add Mon Sep 17 00:00:00 2001
From: Simone Bordet <simone.bordet@gmail.com>
Date: Mon, 22 Mar 2021 10:39:36 +0100
Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
length > 17408.
Updates after review.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---
.../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index b2482e7..44c7f10 100644
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -602,14 +602,15 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
return filled = -1;
case BUFFER_UNDERFLOW:
- if (net_filled > 0)
+ if (BufferUtil.space(_encryptedInput) == 0)
{
- if (BufferUtil.space(_encryptedInput) > 0)
- continue; // try filling some more
BufferUtil.clear(_encryptedInput);
throw new SSLHandshakeException("Encrypted buffer max length exceeded");
}
+ if (net_filled > 0)
+ continue; // try filling some more
+
_underflown = true;
if (net_filled < 0 && _sslEngine.getUseClientMode())
{
--
2.23.0

533
CVE-2021-28165.patch Executable file
View File

@ -0,0 +1,533 @@
From: Markus Koschany <apo@debian.org>
Date: Sat, 31 Jul 2021 17:24:07 +0200
Subject: CVE-2021-28165
---
.../org/eclipse/jetty/io/ssl/SslConnection.java | 12 +
.../eclipse/jetty/server/ssl/SSLEngineTest.java | 267 +++++++++++++--------
2 files changed, 183 insertions(+), 96 deletions(-)
diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index a2c1fdc..c385f27 100644
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -330,6 +330,11 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
_decryptedEndPoint.onFillableFail(cause == null ? new IOException() : cause);
}
+ protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException
+ {
+ return sslEngine.unwrap(input, output);
+ }
+
@Override
public String toConnectionString()
{
@@ -602,8 +607,15 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
return filled = -1;
case BUFFER_UNDERFLOW:
+ if (BufferUtil.space(_encryptedInput) == 0)
+ {
+ BufferUtil.clear(_encryptedInput);
+ throw new SSLHandshakeException("Encrypted buffer max length exceeded");
+ }
+
if (net_filled > 0)
continue; // try filling some more
+
_underflown = true;
if (net_filled < 0 && _sslEngine.getUseClientMode())
{
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java
index ae6a5b6..aa1b9c9 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java
@@ -1,6 +1,6 @@
//
// ========================================================================
-// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
@@ -34,20 +34,31 @@ import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.URL;
-
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import java.util.concurrent.atomic.AtomicLong;
+import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.io.ssl.SslConnection;
+import org.eclipse.jetty.server.ConnectionFactory;
+import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.IO;
@@ -60,6 +71,7 @@ import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.lessThan;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -69,41 +81,45 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
public class SSLEngineTest
{
// Useful constants
- private static final String HELLO_WORLD="Hello world. The quick brown fox jumped over the lazy dog. How now brown cow. The rain in spain falls mainly on the plain.\n";
- private static final String JETTY_VERSION= Server.getVersion();
- private static final String PROTOCOL_VERSION="2.0";
-
- /** The request. */
- private static final String REQUEST0_HEADER="POST /r0 HTTP/1.1\n"+"Host: localhost\n"+"Content-Type: text/xml\n"+"Content-Length: ";
- private static final String REQUEST1_HEADER="POST /r1 HTTP/1.1\n"+"Host: localhost\n"+"Content-Type: text/xml\n"+"Connection: close\n"+"Content-Length: ";
- private static final String REQUEST_CONTENT=
- "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"+
- "<requests xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"+
- " xsi:noNamespaceSchemaLocation=\"commander.xsd\" version=\""+PROTOCOL_VERSION+"\">\n"+
- "</requests>";
-
- private static final String REQUEST0=REQUEST0_HEADER+REQUEST_CONTENT.getBytes().length+"\n\n"+REQUEST_CONTENT;
- private static final String REQUEST1=REQUEST1_HEADER+REQUEST_CONTENT.getBytes().length+"\n\n"+REQUEST_CONTENT;
-
- /** The expected response. */
- private static final String RESPONSE0="HTTP/1.1 200 OK\n"+
- "Content-Length: "+HELLO_WORLD.length()+"\n"+
- "Server: Jetty("+JETTY_VERSION+")\n"+
- '\n'+
+ private static final String HELLO_WORLD = "Hello world. The quick brown fox jumped over the lazy dog. How now brown cow. The rain in spain falls mainly on the plain.\n";
+ private static final String JETTY_VERSION = Server.getVersion();
+ private static final String PROTOCOL_VERSION = "2.0";
+
+ /**
+ * The request.
+ */
+ private static final String REQUEST0_HEADER = "POST /r0 HTTP/1.1\n" + "Host: localhost\n" + "Content-Type: text/xml\n" + "Content-Length: ";
+ private static final String REQUEST1_HEADER = "POST /r1 HTTP/1.1\n" + "Host: localhost\n" + "Content-Type: text/xml\n" + "Connection: close\n" + "Content-Length: ";
+ private static final String REQUEST_CONTENT =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+ "<requests xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" +
+ " xsi:noNamespaceSchemaLocation=\"commander.xsd\" version=\"" + PROTOCOL_VERSION + "\">\n" +
+ "</requests>";
+
+ private static final String REQUEST0 = REQUEST0_HEADER + REQUEST_CONTENT.getBytes().length + "\n\n" + REQUEST_CONTENT;
+ private static final String REQUEST1 = REQUEST1_HEADER + REQUEST_CONTENT.getBytes().length + "\n\n" + REQUEST_CONTENT;
+
+ /**
+ * The expected response.
+ */
+ private static final String RESPONSE0 = "HTTP/1.1 200 OK\n" +
+ "Content-Length: " + HELLO_WORLD.length() + "\n" +
+ "Server: Jetty(" + JETTY_VERSION + ")\n" +
+ '\n' +
HELLO_WORLD;
-
- private static final String RESPONSE1="HTTP/1.1 200 OK\n"+
- "Connection: close\n"+
- "Content-Length: "+HELLO_WORLD.length()+"\n"+
- "Server: Jetty("+JETTY_VERSION+")\n"+
- '\n'+
+
+ private static final String RESPONSE1 = "HTTP/1.1 200 OK\n" +
+ "Connection: close\n" +
+ "Content-Length: " + HELLO_WORLD.length() + "\n" +
+ "Server: Jetty(" + JETTY_VERSION + ")\n" +
+ '\n' +
HELLO_WORLD;
- private static final int BODY_SIZE=300;
+ private static final int BODY_SIZE = 300;
private Server server;
private ServerConnector connector;
-
+ private SslContextFactory sslContextFactory;
@BeforeEach
public void startServer() throws Exception
@@ -114,11 +130,11 @@ public class SSLEngineTest
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
- server=new Server();
+ server = new Server();
HttpConnectionFactory http = new HttpConnectionFactory();
http.setInputBufferSize(512);
http.getHttpConfiguration().setRequestHeaderSize(512);
- connector=new ServerConnector(server, sslContextFactory, http);
+ connector = new ServerConnector(server, sslContextFactory, http);
connector.setPort(0);
connector.getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration().setSendDateHeader(false);
@@ -138,19 +154,19 @@ public class SSLEngineTest
server.setHandler(new HelloWorldHandler());
server.start();
- SSLContext ctx=SSLContext.getInstance("TLS");
- ctx.init(null,SslContextFactory.TRUST_ALL_CERTS,new java.security.SecureRandom());
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(null, SslContextFactory.TRUST_ALL_CERTS, new java.security.SecureRandom());
- int port=connector.getLocalPort();
+ int port = connector.getLocalPort();
- Socket client=ctx.getSocketFactory().createSocket("localhost",port);
- OutputStream os=client.getOutputStream();
+ Socket client = ctx.getSocketFactory().createSocket("localhost", port);
+ OutputStream os = client.getOutputStream();
String request =
- "GET / HTTP/1.1\r\n"+
- "Host: localhost:"+port+"\r\n"+
- "Connection: close\r\n"+
- "\r\n";
+ "GET / HTTP/1.1\r\n" +
+ "Host: localhost:" + port + "\r\n" +
+ "Connection: close\r\n" +
+ "\r\n";
os.write(request.getBytes());
os.flush();
@@ -158,7 +174,7 @@ public class SSLEngineTest
String response = IO.toString(client.getInputStream());
assertThat(response, Matchers.containsString("200 OK"));
- assertThat(response,Matchers.containsString(HELLO_WORLD));
+ assertThat(response, Matchers.containsString(HELLO_WORLD));
}
@Test
@@ -167,26 +183,81 @@ public class SSLEngineTest
server.setHandler(new HelloWorldHandler());
server.start();
- SSLContext ctx=SSLContext.getInstance("TLS");
- ctx.init(null,SslContextFactory.TRUST_ALL_CERTS,new java.security.SecureRandom());
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(null, SslContextFactory.TRUST_ALL_CERTS, new java.security.SecureRandom());
- int port=connector.getLocalPort();
+ int port = connector.getLocalPort();
- Socket client=ctx.getSocketFactory().createSocket("localhost",port);
- OutputStream os=client.getOutputStream();
+ Socket client = ctx.getSocketFactory().createSocket("localhost", port);
+ OutputStream os = client.getOutputStream();
String request =
- "GET /?dump=102400 HTTP/1.1\r\n"+
- "Host: localhost:"+port+"\r\n"+
- "Connection: close\r\n"+
- "\r\n";
+ "GET /?dump=102400 HTTP/1.1\r\n" +
+ "Host: localhost:" + port + "\r\n" +
+ "Connection: close\r\n" +
+ "\r\n";
os.write(request.getBytes());
os.flush();
String response = IO.toString(client.getInputStream());
- assertThat(response.length(),greaterThan(102400));
+ assertThat(response.length(), greaterThan(102400));
+ }
+
+ @Test
+ public void testInvalidLargeTLSFrame() throws Exception
+ {
+ AtomicLong unwraps = new AtomicLong();
+ ConnectionFactory http = connector.getConnectionFactory(HttpConnectionFactory.class);
+ ConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, http.getProtocol())
+ {
+ @Override
+ protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine)
+ {
+ return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption())
+ {
+ @Override
+ protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException
+ {
+ unwraps.incrementAndGet();
+ return super.unwrap(sslEngine, input, output);
+ }
+ };
+ }
+ };
+ ServerConnector tlsConnector = new ServerConnector(server, 1, 1, ssl, http);
+ server.addConnector(tlsConnector);
+ server.setHandler(new HelloWorldHandler());
+ server.start();
+
+ // Create raw TLS record.
+ byte[] bytes = new byte[20005];
+ Arrays.fill(bytes, (byte)1);
+
+ bytes[0] = 22; // record type
+ bytes[1] = 3; // major version
+ bytes[2] = 3; // minor version
+ bytes[3] = 78; // record length 2 bytes / 0x4E20 / decimal 20,000
+ bytes[4] = 32; // record length
+ bytes[5] = 1; // message type
+ bytes[6] = 0; // message length 3 bytes / 0x004E17 / decimal 19,991
+ bytes[7] = 78;
+ bytes[8] = 23;
+
+ SocketFactory socketFactory = SocketFactory.getDefault();
+ try (Socket client = socketFactory.createSocket("localhost", tlsConnector.getLocalPort()))
+ {
+ client.getOutputStream().write(bytes);
+
+ // Sleep to see if the server spins.
+ Thread.sleep(1000);
+ assertThat(unwraps.get(), lessThan(128L));
+
+ // Read until -1 or read timeout.
+ client.setSoTimeout(1000);
+ IO.readBytes(client.getInputStream());
+ }
}
@Test
@@ -195,63 +266,64 @@ public class SSLEngineTest
server.setHandler(new HelloWorldHandler());
server.start();
- final int loops=10;
- final int numConns=20;
+ final int loops = 10;
+ final int numConns = 20;
- Socket[] client=new Socket[numConns];
+ Socket[] client = new Socket[numConns];
- SSLContext ctx=SSLContext.getInstance("TLSv1.2");
- ctx.init(null,SslContextFactory.TRUST_ALL_CERTS,new java.security.SecureRandom());
+ SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+ ctx.init(null, SslContextFactory.TRUST_ALL_CERTS, new java.security.SecureRandom());
- int port=connector.getLocalPort();
+ int port = connector.getLocalPort();
try
{
- for (int l=0;l<loops;l++)
+ for (int l = 0; l < loops; l++)
{
// System.err.print('.');
try
{
- for (int i=0; i<numConns; ++i)
+ for (int i = 0; i < numConns; ++i)
{
// System.err.println("write:"+i);
- client[i]=ctx.getSocketFactory().createSocket("localhost",port);
- OutputStream os=client[i].getOutputStream();
+ client[i] = ctx.getSocketFactory().createSocket("localhost", port);
+ OutputStream os = client[i].getOutputStream();
os.write(REQUEST0.getBytes());
os.write(REQUEST0.getBytes());
os.flush();
}
- for (int i=0; i<numConns; ++i)
+ for (int i = 0; i < numConns; ++i)
{
// System.err.println("flush:"+i);
- OutputStream os=client[i].getOutputStream();
+ OutputStream os = client[i].getOutputStream();
os.write(REQUEST1.getBytes());
os.flush();
}
- for (int i=0; i<numConns; ++i)
+ for (int i = 0; i < numConns; ++i)
{
// System.err.println("read:"+i);
// Read the response.
- String responses=readResponse(client[i]);
+ String responses = readResponse(client[i]);
// Check the responses
- assertThat(String.format("responses loop=%d connection=%d",l,i),RESPONSE0+RESPONSE0+RESPONSE1,is(responses));
+ assertThat(String.format("responses loop=%d connection=%d", l, i), RESPONSE0 + RESPONSE0 + RESPONSE1, is(responses));
}
}
finally
{
- for (int i=0; i<numConns; ++i)
+ for (int i = 0; i < numConns; ++i)
{
- if (client[i]!=null)
+ if (client[i] != null)
{
try
{
assertThat("Client should read EOF", client[i].getInputStream().read(), is(-1));
}
- catch(SocketException e)
+ catch (SocketException e)
{
+ // no op
}
}
}
@@ -272,10 +344,10 @@ public class SSLEngineTest
server.start();
SSLContext context = SSLContext.getInstance("SSL");
- context.init(null,SslContextFactory.TRUST_ALL_CERTS,new java.security.SecureRandom());
+ context.init(null, SslContextFactory.TRUST_ALL_CERTS, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
- URL url = new URL("https://localhost:"+connector.getLocalPort()+"/test");
+ URL url = new URL("https://localhost:" + connector.getLocalPort() + "/test");
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
if (conn instanceof HttpsURLConnection)
@@ -295,7 +367,7 @@ public class SSLEngineTest
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setRequestMethod("POST");
- conn.setRequestProperty("Content-Type","text/plain");
+ conn.setRequestProperty("Content-Type", "text/plain");
conn.setChunkedStreamingMode(128);
conn.connect();
byte[] b = new byte[BODY_SIZE];
@@ -309,13 +381,15 @@ public class SSLEngineTest
int len = 0;
InputStream is = conn.getInputStream();
- int bytes=0;
+ int bytes = 0;
while ((len = is.read(b)) > -1)
- bytes+=len;
+ {
+ bytes += len;
+ }
is.close();
- assertEquals(BODY_SIZE,handler.bytes);
- assertEquals(BODY_SIZE,bytes);
+ assertEquals(BODY_SIZE, handler.bytes);
+ assertEquals(BODY_SIZE, bytes);
}
/**
@@ -327,30 +401,30 @@ public class SSLEngineTest
*/
private static String readResponse(Socket client) throws IOException
{
- BufferedReader br=null;
- StringBuilder sb=new StringBuilder(1000);
+ BufferedReader br = null;
+ StringBuilder sb = new StringBuilder(1000);
try
{
client.setSoTimeout(5000);
- br=new BufferedReader(new InputStreamReader(client.getInputStream()));
+ br = new BufferedReader(new InputStreamReader(client.getInputStream()));
String line;
- while ((line=br.readLine())!=null)
+ while ((line = br.readLine()) != null)
{
sb.append(line);
sb.append('\n');
}
}
- catch(SocketTimeoutException e)
+ catch (SocketTimeoutException e)
{
- System.err.println("Test timedout: "+e.toString());
+ System.err.println("Test timedout: " + e.toString());
e.printStackTrace(); // added to see if we can get more info from failures on CI
}
finally
{
- if (br!=null)
+ if (br != null)
{
br.close();
}
@@ -364,22 +438,24 @@ public class SSLEngineTest
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
// System.err.println("HANDLE "+request.getRequestURI());
- String ssl_id = (String)request.getAttribute("javax.servlet.request.ssl_session_id");
- assertNotNull(ssl_id);
-
- if (request.getParameter("dump")!=null)
+ String sslId = (String)request.getAttribute("javax.servlet.request.ssl_session_id");
+ assertNotNull(sslId);
+
+ if (request.getParameter("dump") != null)
{
- ServletOutputStream out=response.getOutputStream();
+ ServletOutputStream out = response.getOutputStream();
byte[] buf = new byte[Integer.parseInt(request.getParameter("dump"))];
// System.err.println("DUMP "+buf.length);
- for (int i=0;i<buf.length;i++)
- buf[i]=(byte)('0'+(i%10));
+ for (int i = 0; i < buf.length; i++)
+ {
+ buf[i] = (byte)('0' + (i % 10));
+ }
out.write(buf);
out.close();
}
else
{
- PrintWriter out=response.getWriter();
+ PrintWriter out = response.getWriter();
out.print(HELLO_WORLD);
out.close();
}
@@ -388,7 +464,7 @@ public class SSLEngineTest
private static class StreamHandler extends AbstractHandler
{
- private int bytes=0;
+ private int bytes = 0;
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
@@ -400,7 +476,7 @@ public class SSLEngineTest
InputStream is = request.getInputStream();
while ((len = is.read(b)) > -1)
{
- bytes+=len;
+ bytes += len;
}
OutputStream os = response.getOutputStream();
@@ -412,5 +488,4 @@ public class SSLEngineTest
response.flushBuffer();
}
}
-
}

241
CVE-2021-28169.patch Normal file → Executable file
View File

@ -1,30 +1,24 @@
From aec4092cc718b61998c1de221c9c728f377cd430 Mon Sep 17 00:00:00 2001 From: Markus Koschany <apo@debian.org>
From: Lachlan <lachlan@webtide.com> Date: Sat, 3 Jul 2021 20:47:31 +0200
Date: Thu, 13 May 2021 01:13:30 +1000 Subject: CVE-2021-28169
Subject: [PATCH] Fixes #6263 - Review URI encoding in ConcatServlet &
WelcomeFilter.
Review URI encoding in ConcatServlet & WelcomeFilter and improve testing. Origin: https://github.com/eclipse/jetty.project/commit/1c05b0bcb181c759e98b060bded0b9376976b055
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
--- ---
.../eclipse/jetty/server/ResourceService.java | 4 +- .../org/eclipse/jetty/server/ResourceService.java | 4 +-
.../eclipse/jetty/servlets/ConcatServlet.java | 4 +- .../org/eclipse/jetty/servlets/ConcatServlet.java | 4 +-
.../eclipse/jetty/servlets/WelcomeFilter.java | 8 +- .../org/eclipse/jetty/servlets/WelcomeFilter.java | 8 +-
.../jetty/servlets/ConcatServletTest.java | 83 ++++++---- .../eclipse/jetty/servlets/ConcatServletTest.java | 34 +++--
.../jetty/servlets/WelcomeFilterTest.java | 143 ++++++++++++++++++ .../eclipse/jetty/servlets/WelcomeFilterTest.java | 143 +++++++++++++++++++++
.../webapp/WebAppDefaultServletTest.java | 142 +++++++++++++++++ .../jetty/webapp/WebAppDefaultServletTest.java | 142 ++++++++++++++++++++
6 files changed, 353 insertions(+), 31 deletions(-) 6 files changed, 313 insertions(+), 22 deletions(-)
create mode 100644 jetty-servlets/src/test/java/org/eclipse/jetty/servlets/WelcomeFilterTest.java create mode 100644 jetty-servlets/src/test/java/org/eclipse/jetty/servlets/WelcomeFilterTest.java
create mode 100644 jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppDefaultServletTest.java create mode 100644 jetty-webapp/src/test/java/org/eclipse/jetty/webapp/WebAppDefaultServletTest.java
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java b/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java b/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java
index 3d3f05c..5ce24b4 100644 index 048bd71..737f461 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java --- a/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java
@@ -236,7 +236,7 @@ public class ResourceService @@ -234,7 +234,7 @@ public class ResourceService
// Find the content // Find the content
content=_contentFactory.getContent(pathInContext,response.getBufferSize()); content=_contentFactory.getContent(pathInContext,response.getBufferSize());
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
@ -33,12 +27,12 @@ index 3d3f05c..5ce24b4 100644
// Not found? // Not found?
if (content==null || !content.getResource().exists()) if (content==null || !content.getResource().exists())
@@ -422,7 +422,7 @@ public class ResourceService @@ -420,7 +420,7 @@ public class ResourceService
return; return;
} }
- RequestDispatcher dispatcher=context.getRequestDispatcher(welcome); - RequestDispatcher dispatcher=context.getRequestDispatcher(welcome);
+ RequestDispatcher dispatcher = context.getRequestDispatcher(URIUtil.encodePath(welcome)); + RequestDispatcher dispatcher = context.getRequestDispatcher(URIUtil.encodePath(welcome));
if (dispatcher!=null) if (dispatcher!=null)
{ {
// Forward to the index // Forward to the index
@ -65,7 +59,7 @@ index a4b7df0..f1d8e57 100644
dispatchers.add(dispatcher); dispatchers.add(dispatcher);
} }
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java
index e67a067..492a8ca 100644 index e67a067..22ea603 100644
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java
@@ -28,6 +28,8 @@ import javax.servlet.ServletRequest; @@ -28,6 +28,8 @@ import javax.servlet.ServletRequest;
@ -92,140 +86,114 @@ index e67a067..492a8ca 100644
- request.getRequestDispatcher(path+welcome).forward(request,response); - request.getRequestDispatcher(path+welcome).forward(request,response);
+ { + {
+ String uriInContext = URIUtil.encodePath(URIUtil.addPaths(path, welcome)); + String uriInContext = URIUtil.encodePath(URIUtil.addPaths(path, welcome));
+ request.getRequestDispatcher(uriInContext).forward(request, response); + request.getRequestDispatcher(uriInContext).forward(request, response);
+ } + }
else else
chain.doFilter(request, response); chain.doFilter(request, response);
} }
diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java
index 3fcb9af..b815b35 100644 index 3fcb9af..f8ea087 100644
--- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java --- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java
+++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java +++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/ConcatServletTest.java
@@ -32,6 +32,7 @@ import java.nio.charset.StandardCharsets; @@ -1,6 +1,6 @@
//
// ========================================================================
-// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
@@ -18,11 +18,6 @@
package org.eclipse.jetty.servlets;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
@@ -31,7 +26,6 @@ import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
-
+import java.util.stream.Stream;
import javax.servlet.RequestDispatcher; import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
@@ -48,7 +49,12 @@ import org.junit.jupiter.api.AfterEach; @@ -45,10 +39,14 @@ import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.jupiter.api.AfterEach;
-
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+import static org.hamcrest.MatcherAssert.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.hamcrest.Matchers.startsWith; +import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
public class ConcatServletTest public class ConcatServletTest
{ {
private Server server; private Server server;
@@ -114,7 +120,7 @@ public class ConcatServletTest @@ -92,8 +90,8 @@ public class ConcatServletTest
} String resource1 = "/resource/one.js";
String resource2 = "/resource/two.js";
@Test String uri = contextPath + concatPath + "?" + resource1 + "&" + resource2;
- public void testWEBINFResourceIsNotServed() throws Exception - String request = "" +
+ public void testDirectoryNotAccessible() throws Exception
{
File directoryFile = MavenTestingUtils.getTargetTestingDir();
Path directoryPath = directoryFile.toPath();
@@ -136,9 +142,8 @@ public class ConcatServletTest
// Verify that I can get the file programmatically, as required by the spec.
assertNotNull(context.getServletContext().getResource("/WEB-INF/one.js"));
- // Having a path segment and then ".." triggers a special case
- // that the ConcatServlet must detect and avoid.
- String uri = contextPath + concatPath + "?/trick/../WEB-INF/one.js";
+ // Make sure ConcatServlet cannot see file system files.
+ String uri = contextPath + concatPath + "?/trick/../../" + directoryFile.getName();
String request = "" +
"GET " + uri + " HTTP/1.1\r\n" +
"Host: localhost\r\n" +
@@ -146,35 +151,59 @@ public class ConcatServletTest
"\r\n";
String response = connector.getResponse(request);
assertTrue(response.startsWith("HTTP/1.1 404 "));
+ }
- // Make sure ConcatServlet behaves well if it's case insensitive.
- uri = contextPath + concatPath + "?/trick/../web-inf/one.js";
- request = "" +
- "GET " + uri + " HTTP/1.1\r\n" + - "GET " + uri + " HTTP/1.1\r\n" +
- "Host: localhost\r\n" + + String request =
- "Connection: close\r\n" + + "GET " + uri + " HTTP/1.1\r\n" +
- "\r\n"; "Host: localhost\r\n" +
- response = connector.getResponse(request); "Connection: close\r\n" +
- assertTrue(response.startsWith("HTTP/1.1 404 ")); "\r\n";
+ public static Stream<Arguments> webInfTestExamples() @@ -139,8 +137,8 @@ public class ConcatServletTest
+ { // Having a path segment and then ".." triggers a special case
+ return Stream.of( // that the ConcatServlet must detect and avoid.
+ // Cannot access WEB-INF. String uri = contextPath + concatPath + "?/trick/../WEB-INF/one.js";
+ Arguments.of("?/WEB-INF/", "HTTP/1.1 404 "), - String request = "" +
+ Arguments.of("?/WEB-INF/one.js", "HTTP/1.1 404 "), - "GET " + uri + " HTTP/1.1\r\n" +
+ + String request =
+ // Having a path segment and then ".." triggers a special case that the ConcatServlet must detect and avoid. + "GET " + uri + " HTTP/1.1\r\n" +
+ Arguments.of("?/trick/../WEB-INF/one.js", "HTTP/1.1 404 "), "Host: localhost\r\n" +
+ "Connection: close\r\n" +
+ // Make sure ConcatServlet behaves well if it's case insensitive. "\r\n";
+ Arguments.of("?/trick/../web-inf/one.js", "HTTP/1.1 404 "), @@ -149,8 +147,8 @@ public class ConcatServletTest
+
+ // Make sure ConcatServlet behaves well if encoded. // Make sure ConcatServlet behaves well if it's case insensitive.
+ Arguments.of("?/trick/..%2FWEB-INF%2Fone.js", "HTTP/1.1 404 "), uri = contextPath + concatPath + "?/trick/../web-inf/one.js";
+ Arguments.of("?/%2557EB-INF/one.js", "HTTP/1.1 500 "), - request = "" +
+ Arguments.of("?/js/%252e%252e/WEB-INF/one.js", "HTTP/1.1 500 ") - "GET " + uri + " HTTP/1.1\r\n" +
+ ); + request =
+ } + "GET " + uri + " HTTP/1.1\r\n" +
"Host: localhost\r\n" +
- // Make sure ConcatServlet behaves well if encoded. "Connection: close\r\n" +
- uri = contextPath + concatPath + "?/trick/..%2FWEB-INF%2Fone.js"; "\r\n";
- request = "" + @@ -159,8 +157,8 @@ public class ConcatServletTest
- "GET " + uri + " HTTP/1.1\r\n" +
- "Host: localhost\r\n" + // Make sure ConcatServlet behaves well if encoded.
- "Connection: close\r\n" + uri = contextPath + concatPath + "?/trick/..%2FWEB-INF%2Fone.js";
- "\r\n"; - request = "" +
- response = connector.getResponse(request); - "GET " + uri + " HTTP/1.1\r\n" +
- assertTrue(response.startsWith("HTTP/1.1 404 ")); + request =
+ @ParameterizedTest + "GET " + uri + " HTTP/1.1\r\n" +
+ @MethodSource("webInfTestExamples") "Host: localhost\r\n" +
+ public void testWEBINFResourceIsNotServed(String querystring, String expectedStatus) throws Exception "Connection: close\r\n" +
+ { "\r\n";
+ File directoryFile = MavenTestingUtils.getTargetTestingDir(); @@ -169,8 +167,8 @@ public class ConcatServletTest
+ Path directoryPath = directoryFile.toPath();
+ Path hiddenDirectory = directoryPath.resolve("WEB-INF"); // Make sure ConcatServlet cannot see file system files.
+ Files.createDirectories(hiddenDirectory); uri = contextPath + concatPath + "?/trick/../../" + directoryFile.getName();
+ Path hiddenResource = hiddenDirectory.resolve("one.js"); - request = "" +
+ try (OutputStream output = Files.newOutputStream(hiddenResource)) - "GET " + uri + " HTTP/1.1\r\n" +
+ { + request =
+ output.write("function() {}".getBytes(StandardCharsets.UTF_8)); + "GET " + uri + " HTTP/1.1\r\n" +
+ }
+
+ String contextPath = "";
+ WebAppContext context = new WebAppContext(server, directoryPath.toString(), contextPath);
+ server.setHandler(context);
+ String concatPath = "/concat";
+ context.addServlet(ConcatServlet.class, concatPath);
+ server.start();
- // Make sure ConcatServlet cannot see file system files.
- uri = contextPath + concatPath + "?/trick/../../" + directoryFile.getName();
- request = "" +
+ // Verify that I can get the file programmatically, as required by the spec.
+ assertNotNull(context.getServletContext().getResource("/WEB-INF/one.js"));
+
+ String uri = contextPath + concatPath + querystring;
+ String request =
"GET " + uri + " HTTP/1.1\r\n" +
"Host: localhost\r\n" + "Host: localhost\r\n" +
"Connection: close\r\n" + "Connection: close\r\n" +
"\r\n"; "\r\n";
- response = connector.getResponse(request);
- assertTrue(response.startsWith("HTTP/1.1 404 "));
+ String response = connector.getResponse(request);
+ assertThat(response, startsWith(expectedStatus));
}
}
diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/WelcomeFilterTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/WelcomeFilterTest.java diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/WelcomeFilterTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/WelcomeFilterTest.java
new file mode 100644 new file mode 100644
index 0000000..65e6503 index 0000000..65e6503
@ -523,6 +491,3 @@ index 0000000..933bb7a
+ } + }
+ } + }
+} +}
--
2.23.0

657
CVE-2021-34428.patch Normal file → Executable file
View File

@ -1,21 +1,16 @@
From 91d9850d64076cad97611a3379775e01acddf986 Mon Sep 17 00:00:00 2001 From: Markus Koschany <apo@debian.org>
From: Jan Bartel <janb@webtide.com> Date: Sat, 3 Jul 2021 20:28:06 +0200
Date: Sun, 16 May 2021 09:45:50 +1000 Subject: CVE-2021-34428
Subject: [PATCH] Issue #6277 Better handling of exceptions thrown in
sessionDestroyed (#6278)
* Issue #6277 Better handling of exceptions thrown in sessionDestroyed
Signed-off-by: Jan Bartel <janb@webtide.com>
Origin: https://github.com/eclipse/jetty.project/commit/cd6462a6252d083b3c9ea2684aab0b4c9669ed19
--- ---
.../eclipse/jetty/server/session/Session.java | 9 +- .../org/eclipse/jetty/server/session/Session.java | 9 +-
.../session/TestHttpSessionListener.java | 26 ++++-- .../server/session/TestHttpSessionListener.java | 24 +-
.../server/session/SessionListenerTest.java | 82 +++++++++++++++++-- .../jetty/server/session/SessionListenerTest.java | 367 +++++++++++++++------
3 files changed, 102 insertions(+), 15 deletions(-) 3 files changed, 291 insertions(+), 109 deletions(-)
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java
index a34bc0f..ecaf7c7 100644 index a34bc0f..d667560 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java --- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java
@@ -506,6 +506,7 @@ public class Session implements SessionHandler.SessionIf @@ -506,6 +506,7 @@ public class Session implements SessionHandler.SessionIf
@ -30,17 +25,17 @@ index a34bc0f..ecaf7c7 100644
// do the invalidation // do the invalidation
_handler.callSessionDestroyedListeners(this); _handler.callSessionDestroyedListeners(this);
} }
+ catch (Exception e) + catch (Exception e)
+ { + {
+ LOG.warn("Error during Session destroy listener", e); + LOG.warn("Error during Session destroy listener", e);
+ } + }
finally finally
{ {
// call the attribute removed listeners and finally mark it // call the attribute removed listeners and finally mark it
// as invalid // as invalid
finishInvalidate(); finishInvalidate();
+ // tell id mgr to remove sessions with same id from all contexts + // tell id mgr to remove sessions with same id from all contexts
+ _handler.getSessionIdManager().invalidateAll(_sessionData.getId()); + _handler.getSessionIdManager().invalidateAll(_sessionData.getId());
} }
- // tell id mgr to remove sessions with same id from all contexts - // tell id mgr to remove sessions with same id from all contexts
- _handler.getSessionIdManager().invalidateAll(_sessionData.getId()); - _handler.getSessionIdManager().invalidateAll(_sessionData.getId());
@ -48,16 +43,14 @@ index a34bc0f..ecaf7c7 100644
} }
catch (Exception e) catch (Exception e)
diff --git a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java diff --git a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java
index 770627b..b736fdf 100644 index 770627b..dd8982f 100644
--- a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java --- a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java
+++ b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java +++ b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/TestHttpSessionListener.java
@@ -34,17 +34,19 @@ public class TestHttpSessionListener implements HttpSessionListener @@ -35,16 +35,18 @@ public class TestHttpSessionListener implements HttpSessionListener
{
public List<String> createdSessions = new ArrayList<>(); public List<String> createdSessions = new ArrayList<>();
public List<String> destroyedSessions = new ArrayList<>(); public List<String> destroyedSessions = new ArrayList<>();
- public boolean accessAttribute = false; public boolean accessAttribute = false;
- public Exception ex = null; - public Exception ex = null;
+ public boolean accessAttribute = false;
+ public boolean lastAccessTime = false; + public boolean lastAccessTime = false;
+ public Exception attributeException = null; + public Exception attributeException = null;
+ public Exception accessTimeException = null; + public Exception accessTimeException = null;
@ -67,7 +60,7 @@ index 770627b..b736fdf 100644
{ {
- accessAttribute = access; - accessAttribute = access;
+ this.accessAttribute = accessAttribute; + this.accessAttribute = accessAttribute;
+ this.lastAccessTime = lastAccessTime; + this.lastAccessTime = lastAccessTime;
} }
public TestHttpSessionListener() public TestHttpSessionListener()
@ -76,55 +69,182 @@ index 770627b..b736fdf 100644
} }
public void sessionDestroyed(HttpSessionEvent se) public void sessionDestroyed(HttpSessionEvent se)
@@ -58,9 +60,21 @@ public class TestHttpSessionListener implements HttpSessionListener @@ -58,7 +60,19 @@ public class TestHttpSessionListener implements HttpSessionListener
} }
catch (Exception e) catch (Exception e)
{ {
- ex = e; - ex = e;
+ attributeException = e; + attributeException = e;
+ }
+ }
+
+ if (lastAccessTime)
+ {
+ try
+ {
+ se.getSession().getLastAccessedTime();
+ }
+ catch (Exception e)
+ {
+ accessTimeException = e;
} }
} }
+
+ if (lastAccessTime)
+ {
+ try
+ {
+ se.getSession().getLastAccessedTime();
+ }
+ catch (Exception e)
+ {
+ accessTimeException = e;
+ }
+ }
} }
public void sessionCreated(HttpSessionEvent se)
diff --git a/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java b/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java diff --git a/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java b/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java
index ba83986..24ac045 100644 index ba83986..363d1e3 100644
--- a/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java --- a/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java
+++ b/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java +++ b/tests/test-sessions/test-sessions-common/src/test/java/org/eclipse/jetty/server/session/SessionListenerTest.java
@@ -21,6 +21,7 @@ package org.eclipse.jetty.server.session; @@ -1,6 +1,6 @@
import static org.hamcrest.MatcherAssert.assertThat; //
import static org.hamcrest.Matchers.isIn; // ========================================================================
import static org.junit.jupiter.api.Assertions.assertEquals; -// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
+// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
@@ -18,19 +18,17 @@
package org.eclipse.jetty.server.session;
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.isIn;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
import java.io.Serializable;
import java.net.HttpCookie;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collection;
import java.util.concurrent.TimeUnit;
-
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -38,53 +36,140 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.api.Request;
+import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.toolchain.test.IO;
+import org.eclipse.jetty.toolchain.test.jupiter.WorkDir;
+import org.eclipse.jetty.toolchain.test.jupiter.WorkDirExtension;
+import org.eclipse.jetty.util.component.LifeCycle;
+import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.Disabled;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.greaterThan;
+//import static org.hamcrest.Matchers.in;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotEquals; +import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertNull;
@@ -74,7 +75,7 @@ public class SessionListenerTest +import static org.junit.jupiter.api.Assertions.assertTrue;
TestServer server = new TestServer(0, inactivePeriod, scavengePeriod,
cacheFactory, storeFactory); /**
* SessionListenerTest
*
* Test that session listeners are called.
*/
+@ExtendWith(WorkDirExtension.class)
public class SessionListenerTest
{
+ public WorkDir workDir;
+
/**
* Test that listeners are called when a session is deliberately invalidated.
- *
- * @throws Exception
*/
+ @Disabled
@Test
public void testListenerWithInvalidation() throws Exception
{
String contextPath = "";
String servletMapping = "/server";
int inactivePeriod = 6;
- int scavengePeriod = -1;
+ int scavengePeriod = -1;
DefaultSessionCacheFactory cacheFactory = new DefaultSessionCacheFactory();
cacheFactory.setEvictionPolicy(SessionCache.NEVER_EVICT);
- SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
- ((AbstractSessionDataStoreFactory)storeFactory).setGracePeriodSec(scavengePeriod);
+ TestSessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
+ storeFactory.setGracePeriodSec(scavengePeriod);
- TestServer server = new TestServer(0, inactivePeriod, scavengePeriod,
- cacheFactory, storeFactory);
+ TestServer server = new TestServer(0, inactivePeriod, scavengePeriod,
+ cacheFactory, storeFactory);
ServletContextHandler context = server.addContext(contextPath); ServletContextHandler context = server.addContext(contextPath);
- TestHttpSessionListener listener = new TestHttpSessionListener(true); - TestHttpSessionListener listener = new TestHttpSessionListener(true);
+ TestHttpSessionListener listener = new TestHttpSessionListener(true,true); + TestHttpSessionListener listener = new TestHttpSessionListener(true, true);
context.getSessionHandler().addEventListener(listener); context.getSessionHandler().addEventListener(listener);
TestServlet servlet = new TestServlet(); TestServlet servlet = new TestServlet();
ServletHolder holder = new ServletHolder(servlet); ServletHolder holder = new ServletHolder(servlet);
@@ -120,6 +121,73 @@ public class SessionListenerTest context.addServlet(holder, servletMapping);
}
+ +
+ try
+ {
+ server.start();
+ int port1 = server.getPort();
+
+ HttpClient client = new HttpClient();
+ client.start();
+ try
+ {
+ String url = "http://localhost:" + port1 + contextPath + servletMapping;
+ // Create the session
+ ContentResponse response1 = client.GET(url + "?action=init");
+ assertEquals(HttpServletResponse.SC_OK, response1.getStatus());
+ String sessionCookie = response1.getHeaders().get("Set-Cookie");
+ assertNotNull(sessionCookie);
+ assertTrue(TestServlet.bindingListener.bound);
+
+ String sessionId = TestServer.extractSessionId(sessionCookie);
+ //assertThat(sessionId, is(in(listener.createdSessions)));
+
+ // Make a request which will invalidate the existing session
+ Request request2 = client.newRequest(url + "?action=test");
+ ContentResponse response2 = request2.send();
+ assertEquals(HttpServletResponse.SC_OK, response2.getStatus());
+
+ assertTrue(TestServlet.bindingListener.unbound);
+ assertTrue(listener.destroyedSessions.contains(sessionId));
+ }
+ finally
+ {
+ LifeCycle.stop(client);
+ }
+ }
+ finally
+ {
+ LifeCycle.stop(server);
+ }
+ }
+ /** + /**
+ * Test that if a session listener throws an exception during sessionDestroyed the session is still invalidated + * Test that if a session listener throws an exception during sessionDestroyed the session is still invalidated
+ */ + */
@ -150,40 +270,322 @@ index ba83986..24ac045 100644
+ ServletHolder holder = new ServletHolder(servlet); + ServletHolder holder = new ServletHolder(servlet);
+ context.addServlet(holder, servletMapping); + context.addServlet(holder, servletMapping);
+ +
+ try try
+ { {
+ server.start(); server.start();
+ int port1 = server.getPort(); int port1 = server.getPort();
-
+ +
+ HttpClient client = new HttpClient(); HttpClient client = new HttpClient();
+ client.start(); client.start();
+ try try
+ { @@ -92,42 +177,59 @@ public class SessionListenerTest
+ String url = "http://localhost:" + port1 + contextPath + servletMapping; String url = "http://localhost:" + port1 + contextPath + servletMapping;
+ // Create the session // Create the session
+ ContentResponse response1 = client.GET(url + "?action=init"); ContentResponse response1 = client.GET(url + "?action=init");
- assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
+ assertEquals(HttpServletResponse.SC_OK, response1.getStatus()); + assertEquals(HttpServletResponse.SC_OK, response1.getStatus());
+ String sessionCookie = response1.getHeaders().get("Set-Cookie"); String sessionCookie = response1.getHeaders().get("Set-Cookie");
- assertTrue(sessionCookie != null);
- assertTrue (TestServlet.bindingListener.bound);
-
+ assertNotNull(sessionCookie); + assertNotNull(sessionCookie);
+ assertTrue(TestServlet.bindingListener.bound); + assertTrue(TestServlet.bindingListener.bound);
+ +
+ String sessionId = TestServer.extractSessionId(sessionCookie); String sessionId = TestServer.extractSessionId(sessionCookie);
- assertThat(sessionId, isIn(listener.createdSessions));
-
+ +
+ // Make a request which will invalidate the existing session // Make a request which will invalidate the existing session
+ Request request2 = client.newRequest(url + "?action=test"); Request request2 = client.newRequest(url + "?action=test");
+ ContentResponse response2 = request2.send(); ContentResponse response2 = request2.send();
- assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
+ assertEquals(HttpServletResponse.SC_OK, response2.getStatus()); + assertEquals(HttpServletResponse.SC_OK, response2.getStatus());
+
- assertTrue (TestServlet.bindingListener.unbound);
- assertTrue (listener.destroyedSessions.contains(sessionId));
+ assertTrue(TestServlet.bindingListener.unbound); + assertTrue(TestServlet.bindingListener.unbound);
+ +
+ //check session no longer exists + //check session no longer exists
+ assertFalse(context.getSessionHandler().getSessionCache().contains(sessionId)); + assertFalse(context.getSessionHandler().getSessionCache().contains(sessionId));
+ assertFalse(context.getSessionHandler().getSessionCache().getSessionDataStore().exists(sessionId)); + assertFalse(context.getSessionHandler().getSessionCache().getSessionDataStore().exists(sessionId));
}
finally
{
- client.stop();
+ LifeCycle.stop(client);
}
}
finally
{
- server.stop();
+ LifeCycle.stop(server);
}
}
-
/**
- * Test that listeners are called when a session expires.
- *
- * @throws Exception
+ * Test that listeners are called when a session expires
+ * and that the listener is able to access webapp classes.
*/
+ @Disabled
@Test
public void testSessionExpiresWithListener() throws Exception
{
+ Path foodir = workDir.getEmptyPathDir();
+ Path fooClass = foodir.resolve("Foo.class");
+
+ //Use a class that would only be known to the webapp classloader
+ try (InputStream foostream = Thread.currentThread().getContextClassLoader().getResourceAsStream("Foo.clazz");
+ OutputStream out = Files.newOutputStream(fooClass))
+ {
+ IO.copy(foostream, out);
+ }
+
+ assertTrue(Files.exists(fooClass));
+ assertThat(Files.size(fooClass), greaterThan(0L));
+
+ URL[] foodirUrls = new URL[]{foodir.toUri().toURL()};
+ URLClassLoader contextClassLoader = new URLClassLoader(foodirUrls, Thread.currentThread().getContextClassLoader());
+
String contextPath = "/";
String servletMapping = "/server";
int inactivePeriod = 3;
@@ -135,58 +237,66 @@ public class SessionListenerTest
DefaultSessionCacheFactory cacheFactory = new DefaultSessionCacheFactory();
cacheFactory.setEvictionPolicy(SessionCache.NEVER_EVICT);
- SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
- ((AbstractSessionDataStoreFactory)storeFactory).setGracePeriodSec(scavengePeriod);
+ TestSessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
+ storeFactory.setGracePeriodSec(scavengePeriod);
TestServer server1 = new TestServer(0, inactivePeriod, scavengePeriod,
- cacheFactory, storeFactory);
+ cacheFactory, storeFactory);
TestServlet servlet = new TestServlet();
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler context = server1.addContext(contextPath);
+ context.setClassLoader(contextClassLoader);
context.addServlet(holder, servletMapping);
- TestHttpSessionListener listener = new TestHttpSessionListener(true);
+ //TestHttpSessionListener listener = new TestHttpSessionListenerWithWebappClasses(true, true);
+ TestHttpSessionListener listener = null;
context.getSessionHandler().addEventListener(listener);
-
- server1.start();
- int port1 = server1.getPort();
try
{
+ server1.start();
+ int port1 = server1.getPort();
+
HttpClient client = new HttpClient();
- client.start();
- String url = "http://localhost:" + port1 + contextPath + servletMapping.substring(1);
+ try
+ {
+ client.start();
+ String url = "http://localhost:" + port1 + contextPath + servletMapping.substring(1);
- //make a request to set up a session on the server
- ContentResponse response1 = client.GET(url + "?action=init");
- assertEquals(HttpServletResponse.SC_OK,response1.getStatus());
- String sessionCookie = response1.getHeaders().get("Set-Cookie");
- assertTrue(sessionCookie != null);
-
- String sessionId = TestServer.extractSessionId(sessionCookie);
+ //make a request to set up a session on the server
+ ContentResponse response1 = client.GET(url + "?action=init");
+ assertEquals(HttpServletResponse.SC_OK, response1.getStatus());
+ String sessionCookie = response1.getHeaders().get("Set-Cookie");
+ assertNotNull(sessionCookie);
+
+ String sessionId = TestServer.extractSessionId(sessionCookie);
+
+ //assertThat(sessionId, is(in(listener.createdSessions)));
- assertThat(sessionId, isIn(listener.createdSessions));
-
- //and wait until the session should have expired
- Thread.currentThread().sleep(TimeUnit.SECONDS.toMillis(inactivePeriod+(scavengePeriod)));
+ //and wait until the session should have expired
+ Thread.sleep(TimeUnit.SECONDS.toMillis(inactivePeriod + (2 * scavengePeriod)));
- assertThat(sessionId, isIn(listener.destroyedSessions));
+ //assertThat(sessionId, is(in(listener.destroyedSessions)));
- assertNull(listener.ex);
+ assertNull(listener.attributeException);
+ assertNull(listener.accessTimeException);
+ } + }
+ finally + finally
+ { + {
+ LifeCycle.stop(client); + LifeCycle.stop(client);
+ } + }
}
finally
{
server1.stop();
- }
+ }
}
-
+
/**
* Check that a session that is expired cannot be reused, and expiry listeners are called for it
- *
- * @throws Exception
*/
@Test
public void testExpiredSession() throws Exception
- {
+ {
String contextPath = "/";
String servletMapping = "/server";
int inactivePeriod = 4;
@@ -194,65 +304,122 @@ public class SessionListenerTest
DefaultSessionCacheFactory cacheFactory = new DefaultSessionCacheFactory();
cacheFactory.setEvictionPolicy(SessionCache.NEVER_EVICT);
- SessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
- ((AbstractSessionDataStoreFactory)storeFactory).setGracePeriodSec(scavengePeriod);
+ TestSessionDataStoreFactory storeFactory = new TestSessionDataStoreFactory();
+ storeFactory.setGracePeriodSec(scavengePeriod);
TestServer server1 = new TestServer(0, inactivePeriod, scavengePeriod,
- cacheFactory, storeFactory);
+ cacheFactory, storeFactory);
SimpleTestServlet servlet = new SimpleTestServlet();
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler context = server1.addContext(contextPath);
context.addServlet(holder, servletMapping);
- TestHttpSessionListener listener = new TestHttpSessionListener();
-
+ TestHttpSessionListener listener = new TestHttpSessionListener(true, true);
+
context.getSessionHandler().addEventListener(listener);
-
- server1.start();
- int port1 = server1.getPort();
try
- {
+ {
+ server1.start();
+ int port1 = server1.getPort();
+
//save a session that has already expired
long now = System.currentTimeMillis();
- SessionData data = context.getSessionHandler().getSessionCache().getSessionDataStore().newSessionData("1234", now-10, now-5, now-10, 30000);
+ SessionData data = context.getSessionHandler().getSessionCache().getSessionDataStore().newSessionData("1234", now - 10, now - 5, now - 10, 30000);
data.setExpiry(100); //make it expired a long time ago
context.getSessionHandler().getSessionCache().getSessionDataStore().store("1234", data);
-
+
HttpClient client = new HttpClient();
- client.start();
+ try
+ {
+ client.start();
+
+ port1 = server1.getPort();
+ String url = "http://localhost:" + port1 + contextPath + servletMapping.substring(1);
+
+ //make another request using the id of the expired session
+ Request request = client.newRequest(url + "?action=test");
+ request.cookie(new HttpCookie("JSESSIONID", "1234"));
+ ContentResponse response = request.send();
+ assertEquals(HttpServletResponse.SC_OK, response.getStatus());
+
+ //should be a new session id
+ String cookie2 = response.getHeaders().get("Set-Cookie");
+ assertNotEquals("1234", TestServer.extractSessionId(cookie2));
- port1 = server1.getPort();
- String url = "http://localhost:" + port1 + contextPath + servletMapping.substring(1);
-
- //make another request using the id of the expired session
- Request request = client.newRequest(url + "?action=test");
- request.cookie(new HttpCookie("JSESSIONID", "1234"));
- ContentResponse response = request.send();
- assertEquals(HttpServletResponse.SC_OK,response.getStatus());
-
- //should be a new session id
- String cookie2 = response.getHeaders().get("Set-Cookie");
- assertNotEquals("1234", TestServer.extractSessionId(cookie2));
-
- assertTrue (listener.destroyedSessions.contains("1234"));
-
- assertNull(listener.ex);
+ assertTrue(listener.destroyedSessions.contains("1234"));
+ assertNull(listener.attributeException);
+ assertNull(listener.accessTimeException);
+ }
+ finally
+ {
+ LifeCycle.stop(client);
+ }
}
finally
{
server1.stop();
- }
+ }
+ }
+
+ public static class MyHttpSessionListener implements HttpSessionListener
+ {
+ @Override
+ public void sessionCreated(HttpSessionEvent se)
+ {
+ }
+
+ @Override
+ public void sessionDestroyed(HttpSessionEvent se)
+ {
+ }
}
-
-
+ public static class ThrowingSessionListener implements HttpSessionListener
+ {
+
+ @Override
+ public void sessionCreated(HttpSessionEvent se)
+ {
+ }
+
+ @Override
+ public void sessionDestroyed(HttpSessionEvent se)
+ {
+ throw new IllegalStateException("Exception during sessionDestroyed");
+ }
+
+ }
+
+ @Test
+ public void testSessionListeners()
+ {
+ Server server = new Server();
+ try
+ {
+ WebAppContext wac = new WebAppContext();
+
+ wac.setServer(server);
+ server.setHandler(wac);
+ wac.addEventListener(new MyHttpSessionListener());
+
+ Collection<MyHttpSessionListener> listeners = wac.getSessionHandler().getBeans(MyHttpSessionListener.class);
+ assertNotNull(listeners);
+
+ assertEquals(1, listeners.size());
+ } + }
+ finally + finally
+ { + {
@ -191,56 +593,65 @@ index ba83986..24ac045 100644
+ } + }
+ } + }
+ +
/**
* Test that listeners are called when a session expires.
*
@@ -144,7 +212,7 @@ public class SessionListenerTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler context = server1.addContext(contextPath);
context.addServlet(holder, servletMapping);
- TestHttpSessionListener listener = new TestHttpSessionListener(true);
+ TestHttpSessionListener listener = new TestHttpSessionListener(true.true);
context.getSessionHandler().addEventListener(listener);
server1.start();
@@ -171,7 +239,8 @@ public class SessionListenerTest
assertThat(sessionId, isIn(listener.destroyedSessions));
- assertNull(listener.ex);
+ assertNull(listener.attributeException);
+ assertNull(listener.accessTimeException);
}
finally
{
@@ -203,7 +272,7 @@ public class SessionListenerTest
ServletHolder holder = new ServletHolder(servlet);
ServletContextHandler context = server1.addContext(contextPath);
context.addServlet(holder, servletMapping);
- TestHttpSessionListener listener = new TestHttpSessionListener();
+ TestHttpSessionListener listener = new TestHttpSessionListener(true.true);
context.getSessionHandler().addEventListener(listener);
@@ -236,7 +305,8 @@ public class SessionListenerTest
assertTrue (listener.destroyedSessions.contains("1234"));
- assertNull(listener.ex);
+ assertNull(listener.attributeException);
+ assertNull(listener.accessTimeException);
}
finally
@@ -245,8 +315,6 @@ public class SessionListenerTest
}
}
-
-
public static class MySessionBindingListener implements HttpSessionBindingListener, Serializable public static class MySessionBindingListener implements HttpSessionBindingListener, Serializable
{ {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
-- boolean unbound = false;
2.23.0 boolean bound = false;
-
+
public void valueUnbound(HttpSessionBindingEvent event)
{
unbound = true;
@@ -263,38 +430,34 @@ public class SessionListenerTest
bound = true;
}
}
-
-
-
+
public static class TestServlet extends HttpServlet
{
private static final long serialVersionUID = 1L;
public static final MySessionBindingListener bindingListener = new MySessionBindingListener();
-
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
{
String action = request.getParameter("action");
-
+
if ("init".equals(action))
{
HttpSession session = request.getSession(true);
session.setAttribute("foo", bindingListener);
assertNotNull(session);
-
}
else if ("test".equals(action))
{
HttpSession session = request.getSession(false);
assertNotNull(session);
-
+
//invalidate existing session
session.invalidate();
}
}
}
-
+
public static class SimpleTestServlet extends HttpServlet
{
private static final long serialVersionUID = 1L;
@@ -306,7 +469,7 @@ public class SessionListenerTest
if ("test".equals(action))
{
HttpSession session = request.getSession(true);
- assertTrue(session != null);
+ assertNotNull(session);
}
}
}

BIN
jetty-9.4.15.v20190215.tar.gz → jetty-9.4.16.v20190411.tar.gz
View File

Binary file not shown.

22
jetty.spec
View File

@ -8,11 +8,11 @@
%global rundir %{_localstatedir}/run/%{name} %global rundir %{_localstatedir}/run/%{name}
%global jettylibdir %{_localstatedir}/lib/%{name} %global jettylibdir %{_localstatedir}/lib/%{name}
%global appdir %{jettylibdir}/webapps %global appdir %{jettylibdir}/webapps
%global addver .v20190215 %global addver .v20190411
%bcond_with jp_minimal %bcond_with jp_minimal
Name: jetty Name: jetty
Version: 9.4.15 Version: 9.4.16
Release: 9 Release: 1
Summary: Java Webserver and Servlet Container Summary: Java Webserver and Servlet Container
License: ASL 2.0 or EPL-1.0 or EPL-2.0 License: ASL 2.0 or EPL-1.0 or EPL-2.0
URL: http://www.eclipse.org/jetty/ URL: http://www.eclipse.org/jetty/
@ -22,15 +22,10 @@ Source3: jetty.logrotate
Source5: %{name}.service Source5: %{name}.service
Source6: LICENSE-MIT Source6: LICENSE-MIT
Patch0: CVE-2020-27216.patch Patch0: CVE-2020-27216.patch
Patch1: CVE-2020-27223-pre-1.patch Patch1: CVE-2020-27223.patch
Patch2: CVE-2020-27223-pre-2.patch Patch2: CVE-2021-28165.patch
Patch3: CVE-2020-27223-pre-3.patch Patch3: CVE-2021-28169.patch
Patch4: CVE-2020-27223-pre-4.patch Patch4: CVE-2021-34428.patch
Patch5: CVE-2020-27223.patch
Patch6: CVE-2021-28165-1.patch
Patch7: CVE-2021-28165-2.patch
Patch8: CVE-2021-28169.patch
Patch9: CVE-2021-34428.patch
BuildRequires: maven-local mvn(javax.servlet:javax.servlet-api) BuildRequires: maven-local mvn(javax.servlet:javax.servlet-api)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
@ -790,6 +785,9 @@ exit 0
%license LICENSE NOTICE.txt LICENSE-MIT %license LICENSE NOTICE.txt LICENSE-MIT
%changelog %changelog
* Tue Sep 13 2022 liangqifeng <liangqifeng@ncti-gba.cn> - 9.4.16-1
- update to 9.4.14 to Fix CVE-2019-10241
* Thu Jul 1 2021 wutao <wutao61@huawei.com> - 9.4.15-9 * Thu Jul 1 2021 wutao <wutao61@huawei.com> - 9.4.15-9
- Fix CVE-2021-34428 - Fix CVE-2021-34428