tomcat/CVE-2024-54677-pre.patch


From 5adf342f83eebd5a5e0a83141c56955a25f3a0c3 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 2 Dec 2024 14:19:14 +0000
Subject: [PATCH] Code clean-up - formatting. No functional change
Origin: https://github.com/apache/tomcat/commit/5adf342f83eebd5a5e0a83141c56955a25f3a0c3
---
.../WEB-INF/classes/CookieExample.java | 32 +++++-------
.../WEB-INF/classes/HelloWorldExample.java | 19 +++----
.../WEB-INF/classes/RequestHeaderExample.java | 49 ++++++-------------
.../WEB-INF/classes/RequestInfoExample.java | 25 ++++------
.../WEB-INF/classes/RequestParamExample.java | 22 +++------
.../WEB-INF/classes/ServletToJsp.java | 19 ++++---
.../WEB-INF/classes/SessionExample.java | 23 +++------
7 files changed, 67 insertions(+), 122 deletions(-)
diff --git a/webapps/examples/WEB-INF/classes/CookieExample.java b/webapps/examples/WEB-INF/classes/CookieExample.java
index cbf375e861bc..32eb1f806ce8 100644
--- a/webapps/examples/WEB-INF/classes/CookieExample.java
+++ b/webapps/examples/WEB-INF/classes/CookieExample.java
@@ -40,11 +40,8 @@ public class CookieExample extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
- ResourceBundle rb = ResourceBundle.getBundle("LocalStrings",request.getLocale());
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+ ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
String cookieName = request.getParameter("cookiename");
String cookieValue = request.getParameter("cookievalue");
@@ -75,11 +72,11 @@ public void doGet(HttpServletRequest request,
// addition of a PathInfo issue
out.println("<a href=\"../cookies.html\">");
- out.println("<img src=\"../images/code.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"view code\"></a>");
+ out.println(
+ "<img src=\"../images/code.gif\" height=24 " + "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
- out.println("<img src=\"../images/return.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"return\"></a>");
+ out.println(
+ "<img src=\"../images/return.gif\" height=24 " + "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h3>" + title + "</h3>");
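Review bot: The reformatted `out.println(` calls for code.gif and return.gif now join two string literals with `+` on a single line, which leaves a concatenation that serves no purpose. Merge each pair into one literal, e.g. `"<img src=\"../images/code.gif\" height=24 width=24 align=right border=0 alt=\"view code\"></a>"`. The same pattern recurs in the corresponding hunks of HelloWorldExample, RequestHeaderExample, RequestInfoExample, RequestParamExample and SessionExample. The emitted HTML is identical either way, so this is only about readability. doGet begins and ends outside this hunk.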
@@ -95,9 +92,8 @@ public void doGet(HttpServletRequest request,
String cName = cookie.getName();
String cValue = cookie.getValue();
out.print("Cookie Name: " + HTMLFilter.filter(cName) + "<br>");
- out.println(" Cookie Value: "
- + HTMLFilter.filter(CookieFilter.filter(cName, cValue, sessionId))
- + "<br><br>");
+ out.println(" Cookie Value: " + HTMLFilter.filter(CookieFilter.filter(cName, cValue, sessionId)) +
+ "<br><br>");
}
} else {
out.println(rb.getString("cookies.no-cookies"));
@@ -106,10 +102,8 @@ public void doGet(HttpServletRequest request,
if (aCookie != null) {
out.println("<P>");
out.println(rb.getString("cookies.set") + "<br>");
- out.print(rb.getString("cookies.name") + " "
- + HTMLFilter.filter(cookieName) + "<br>");
- out.print(rb.getString("cookies.value") + " "
- + HTMLFilter.filter(cookieValue));
+ out.print(rb.getString("cookies.name") + " " + HTMLFilter.filter(cookieName) + "<br>");
+ out.print(rb.getString("cookies.value") + " " + HTMLFilter.filter(cookieValue));
}
out.println("<P>");
@@ -128,13 +122,9 @@ public void doGet(HttpServletRequest request,
}
@Override
- public void doPost(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
doGet(request, response);
}
}
-
diff --git a/webapps/examples/WEB-INF/classes/HelloWorldExample.java b/webapps/examples/WEB-INF/classes/HelloWorldExample.java
index 15911e23af85..346733aba9ab 100644
--- a/webapps/examples/WEB-INF/classes/HelloWorldExample.java
+++ b/webapps/examples/WEB-INF/classes/HelloWorldExample.java
@@ -1,3 +1,4 @@
+
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
@@ -34,12 +35,8 @@ public class HelloWorldExample extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
- ResourceBundle rb =
- ResourceBundle.getBundle("LocalStrings",request.getLocale());
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+ ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
PrintWriter out = response.getWriter();
@@ -64,16 +61,14 @@ public void doGet(HttpServletRequest request,
// addition of a PathInfo issue
out.println("<a href=\"../helloworld.html\">");
- out.println("<img src=\"../images/code.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"view code\"></a>");
+ out.println(
+ "<img src=\"../images/code.gif\" height=24 " + "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
- out.println("<img src=\"../images/return.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"return\"></a>");
+ out.println(
+ "<img src=\"../images/return.gif\" height=24 " + "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h1>" + title + "</h1>");
out.println("</body>");
out.println("</html>");
}
}
-
-
diff --git a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
index df2d2d51f78a..98c0e6a9878b 100644
--- a/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
+++ b/webapps/examples/WEB-INF/classes/RequestHeaderExample.java
@@ -42,10 +42,7 @@ public class RequestHeaderExample extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
if (prefersJSON(request.getHeader("Accept"))) {
renderJSON(request, response);
} else {
@@ -54,16 +51,12 @@ public void doGet(HttpServletRequest request,
}
/**
- * Returns true if the client appears to prefer a JSON response,
- * false otherwise.
- *
- * Note that this method is not very pedantic and uses only a very lazy
- * algorithm for checking whether JSON is "preferred".
+ * Returns true if the client appears to prefer a JSON response, false otherwise. Note that this method is not very
+ * pedantic and uses only a very lazy algorithm for checking whether JSON is "preferred".
*
* @param acceptHeader The value of the HTTP "Accept" header from the client.
*
- * @return true if the client appears to prefer a JSON response,
- * false otherwise.
+ * @return true if the client appears to prefer a JSON response, false otherwise.
*/
protected boolean prefersJSON(String acceptHeader) {
if (null == acceptHeader) {
@@ -87,11 +80,8 @@ protected boolean prefersJSON(String acceptHeader) {
return false;
}
- protected void renderHTML(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException
- {
- ResourceBundle rb = ResourceBundle.getBundle("LocalStrings",request.getLocale());
+ protected void renderHTML(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
@@ -113,11 +103,11 @@ protected void renderHTML(HttpServletRequest request,
// addition of a PathInfo issue
out.println("<a href=\"../reqheaders.html\">");
- out.println("<img src=\"../images/code.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"view code\"></a>");
+ out.println(
+ "<img src=\"../images/code.gif\" height=24 " + "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
- out.println("<img src=\"../images/return.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"return\"></a>");
+ out.println(
+ "<img src=\"../images/return.gif\" height=24 " + "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h3>" + title + "</h3>");
out.println("<table border=0>");
@@ -143,9 +133,7 @@ protected void renderHTML(HttpServletRequest request,
out.println("</table>");
}
- protected void renderJSON(HttpServletRequest request, HttpServletResponse response)
- throws IOException
- {
+ protected void renderJSON(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
@@ -157,14 +145,10 @@ protected void renderJSON(HttpServletRequest request, HttpServletResponse respon
String headerName = e.nextElement();
String headerValue = request.getHeader(headerName);
- out.append("{\"")
- .append(JSONFilter.escape(headerName))
- .append("\":\"")
- .append(JSONFilter.escape(headerValue))
- .append("\"}")
- ;
+ out.append("{\"").append(JSONFilter.escape(headerName)).append("\":\"")
+ .append(JSONFilter.escape(headerValue)).append("\"}");
- if(e.hasMoreElements()) {
+ if (e.hasMoreElements()) {
out.append(',');
}
}
@@ -173,10 +157,7 @@ protected void renderJSON(HttpServletRequest request, HttpServletResponse respon
}
@Override
- public void doPost(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
doGet(request, response);
}
diff --git a/webapps/examples/WEB-INF/classes/RequestInfoExample.java b/webapps/examples/WEB-INF/classes/RequestInfoExample.java
index 9ea4668ad42d..57665bb2c51b 100644
--- a/webapps/examples/WEB-INF/classes/RequestInfoExample.java
+++ b/webapps/examples/WEB-INF/classes/RequestInfoExample.java
@@ -37,11 +37,8 @@ public class RequestInfoExample extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
- ResourceBundle rb = ResourceBundle.getBundle("LocalStrings",request.getLocale());
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+ ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
@@ -64,11 +61,11 @@ public void doGet(HttpServletRequest request,
// addition of a PathInfo issue
out.println("<a href=\"../reqinfo.html\">");
- out.println("<img src=\"../images/code.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"view code\"></a>");
+ out.println(
+ "<img src=\"../images/code.gif\" height=24 " + "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
- out.println("<img src=\"../images/return.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"return\"></a>");
+ out.println(
+ "<img src=\"../images/return.gif\" height=24 " + "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h3>" + title + "</h3>");
out.println("<table border=0><tr><td>");
@@ -93,9 +90,8 @@ public void doGet(HttpServletRequest request,
out.println(HTMLFilter.filter(request.getRemoteAddr()));
out.println("</td></tr>");
- String cipherSuite=
- (String)request.getAttribute("javax.servlet.request.cipher_suite");
- if(cipherSuite!=null){
+ String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite");
+ if (cipherSuite != null) {
out.println("<tr><td>");
out.println("SSLCipherSuite:");
out.println("</td><td>");
@@ -107,10 +103,7 @@ public void doGet(HttpServletRequest request,
}
@Override
- public void doPost(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
doGet(request, response);
}
diff --git a/webapps/examples/WEB-INF/classes/RequestParamExample.java b/webapps/examples/WEB-INF/classes/RequestParamExample.java
index cbcc3712b6d4..69482936c344 100644
--- a/webapps/examples/WEB-INF/classes/RequestParamExample.java
+++ b/webapps/examples/WEB-INF/classes/RequestParamExample.java
@@ -37,11 +37,8 @@ public class RequestParamExample extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
- ResourceBundle rb = ResourceBundle.getBundle("LocalStrings",request.getLocale());
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+ ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
@@ -58,18 +55,18 @@ public void doGet(HttpServletRequest request,
// img stuff not req'd for source code HTML showing
- // all links relative
+ // all links relative
// XXX
// making these absolute till we work out the
// addition of a PathInfo issue
out.println("<a href=\"../reqparams.html\">");
- out.println("<img src=\"../images/code.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"view code\"></a>");
+ out.println(
+ "<img src=\"../images/code.gif\" height=24 " + "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
- out.println("<img src=\"../images/return.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"return\"></a>");
+ out.println(
+ "<img src=\"../images/return.gif\" height=24 " + "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h3>" + title + "</h3>");
String firstName = request.getParameter("firstname");
@@ -101,10 +98,7 @@ public void doGet(HttpServletRequest request,
}
@Override
- public void doPost(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
doGet(request, response);
}
diff --git a/webapps/examples/WEB-INF/classes/ServletToJsp.java b/webapps/examples/WEB-INF/classes/ServletToJsp.java
index a4903a9bba74..e83bbf377620 100644
--- a/webapps/examples/WEB-INF/classes/ServletToJsp.java
+++ b/webapps/examples/WEB-INF/classes/ServletToJsp.java
@@ -24,16 +24,15 @@ public class ServletToJsp extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet (HttpServletRequest request,
- HttpServletResponse response) {
+ public void doGet(HttpServletRequest request, HttpServletResponse response) {
- try {
- // Set the attribute and Forward to hello.jsp
- request.setAttribute ("servletName", "servletToJsp");
- getServletConfig().getServletContext().getRequestDispatcher(
- "/jsp/jsptoserv/hello.jsp").forward(request, response);
- } catch (Exception ex) {
- ex.printStackTrace ();
- }
+ try {
+ // Set the attribute and Forward to hello.jsp
+ request.setAttribute("servletName", "servletToJsp");
+ getServletConfig().getServletContext().getRequestDispatcher("/jsp/jsptoserv/hello.jsp").forward(request,
+ response);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
}
}
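Review bot: The `catch (Exception ex)` around the forward only calls `ex.printStackTrace()`, so a failed dispatch to hello.jsp goes to stderr rather than the application log and the client gets an empty response with no error status. Because example servlets tend to be copied, it would be better to let the container handle the failure: declare `public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {` and drop the try/catch. The imports are outside this hunk, so `ServletException` and `IOException` may need to be added there. Separately, the wrapped call would read better with the break placed before `.forward(` instead of between its two arguments.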
diff --git a/webapps/examples/WEB-INF/classes/SessionExample.java b/webapps/examples/WEB-INF/classes/SessionExample.java
index c71ef5f743bb..724b9b437d67 100644
--- a/webapps/examples/WEB-INF/classes/SessionExample.java
+++ b/webapps/examples/WEB-INF/classes/SessionExample.java
@@ -40,11 +40,8 @@ public class SessionExample extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
- public void doGet(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
- ResourceBundle rb = ResourceBundle.getBundle("LocalStrings",request.getLocale());
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+ ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
@@ -68,11 +65,11 @@ public void doGet(HttpServletRequest request,
// addition of a PathInfo issue
out.println("<a href=\"../sessions.html\">");
- out.println("<img src=\"../images/code.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"view code\"></a>");
+ out.println(
+ "<img src=\"../images/code.gif\" height=24 " + "width=24 align=right border=0 alt=\"view code\"></a>");
out.println("<a href=\"../index.html\">");
- out.println("<img src=\"../images/return.gif\" height=24 " +
- "width=24 align=right border=0 alt=\"return\"></a>");
+ out.println(
+ "<img src=\"../images/return.gif\" height=24 " + "width=24 align=right border=0 alt=\"return\"></a>");
out.println("<h3>" + title + "</h3>");
@@ -96,8 +93,7 @@ public void doGet(HttpServletRequest request,
while (names.hasMoreElements()) {
String name = names.nextElement();
String value = session.getAttribute(name).toString();
- out.println(HTMLFilter.filter(name) + " = "
- + HTMLFilter.filter(value) + "<br>");
+ out.println(HTMLFilter.filter(name) + " = " + HTMLFilter.filter(value) + "<br>");
}
out.println("<P>");
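Review bot: `session.getAttribute(name).toString()` throws a NullPointerException if the attribute is no longer bound when it is looked up. That can happen when a concurrent request on the same session removes it after the names were enumerated; the enumeration is outside this hunk, so this is inferred from the loop shown. `String value = String.valueOf(session.getAttribute(name));` avoids the failure and keeps the existing `HTMLFilter.filter(value)` escaping of the output. A short comment on the loop stating that both name and value are client-influenced and must stay filtered would also help readers who copy the example.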
@@ -137,10 +133,7 @@ public void doGet(HttpServletRequest request,
}
@Override
- public void doPost(HttpServletRequest request,
- HttpServletResponse response)
- throws IOException, ServletException
- {
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
doGet(request, response);
}