tomcat/CVE-2021-30640-3.patch

From 2e3924d0a8372ced148b42016432c038dd1ae487 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 13 Apr 2021 11:43:51 +0100
Subject: [PATCH] Expand tests and fix escaping issue when searching for users by filter

---
 java/org/apache/catalina/realm/JNDIRealm.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index b60f393..dcec473 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1648,7 +1648,9 @@ public class JNDIRealm extends RealmBase {
             return null;
 
         // Form the search filter
-        String filter = connection.userSearchFormat.format(new String[] { username });
+        // Escape in case username contains a character with special meaning in
+        // a search filter.
+        String filter = connection.userSearchFormat.format(new String[] { doFilterEscaping(username) });
 
         // Set up the search controls
         SearchControls constraints = new SearchControls();
@@ -1913,6 +1915,8 @@ System.out.println("userRoleName " + userRoleName + " " + attrs.get(userRoleName
         if (user == null)
             return null;
 
+        // This is returned from the directory so will be attribute value
+        // escaped if required
         String dn = user.getDN();
         String username = user.getUserName();
         String userRoleId = user.getUserRoleId();
-- 
2.23.0
Fix CVE-2021-30640 (cherry picked from commit ad3e1f9e6fe4ebfbfc6ee3b0922b0c39a936d543) 2021-07-29 16:54:15 +08:00			`From 2e3924d0a8372ced148b42016432c038dd1ae487 Mon Sep 17 00:00:00 2001`
			`From: Mark Thomas <markt@apache.org>`
			`Date: Tue, 13 Apr 2021 11:43:51 +0100`
			`Subject: [PATCH] Expand tests and fix escaping issue when searching for users by filter`

			`---`
			`java/org/apache/catalina/realm/JNDIRealm.java \| 6 +++++-`
			`1 file changed, 5 insertions(+), 1 deletion(-)`

			`diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java`
			`index b60f393..dcec473 100644`
			`--- a/java/org/apache/catalina/realm/JNDIRealm.java`
			`+++ b/java/org/apache/catalina/realm/JNDIRealm.java`
			`@@ -1648,7 +1648,9 @@ public class JNDIRealm extends RealmBase {`
			`return null;`

			`// Form the search filter`
			`- String filter = connection.userSearchFormat.format(new String[] { username });`
			`+ // Escape in case username contains a character with special meaning in`
			`+ // a search filter.`
			`+ String filter = connection.userSearchFormat.format(new String[] { doFilterEscaping(username) });`

			`// Set up the search controls`
			`SearchControls constraints = new SearchControls();`
			`@@ -1913,6 +1915,8 @@ System.out.println("userRoleName " + userRoleName + " " + attrs.get(userRoleName`
			`if (user == null)`
			`return null;`

			`+ // This is returned from the directory so will be attribute value`
			`+ // escaped if required`
			`String dn = user.getDN();`
			`String username = user.getUserName();`
			`String userRoleId = user.getUserRoleId();`
			`--`
			`2.23.0`