!40 fix CVE-2021-42340

From: @programmer12 Reviewed-by: @small_leek Signed-off-by: @small_leek
2021-11-01 02:57:14 +00:00 · 2021-11-01 02:57:14 +00:00 · 27d20aa5ea
commit 27d20aa5ea
parent ef0d9874ce 1694902243
2 changed files with 59 additions and 1 deletions
--- a/CVE-2021-42340.patch
+++ b/CVE-2021-42340.patch
@ -0,0 +1,54 @@
+From cd2150ff02c592c1ab6da219302ff80f589559fe Mon Sep 17 00:00:00 2001
+From: remm <remm@apache.org>
+Date: Thu, 28 Oct 2021 11:32:47 +0800
+Subject: [PATCH] Close WebConnection
+
+---
+ .../tomcat/websocket/server/WsHttpUpgradeHandler.java     | 3 +++
+ webapps/docs/changelog.xml                                | 8 ++++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+index 5dd1c5a..703f17a 100644
+--- a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+++ b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+@@ -99,6 +99,7 @@ public class WsHttpUpgradeHandler implements InternalHttpUpgradeHandler {
+ 
+     @Override
+     public void init(WebConnection connection) {
+	this.connection = connection;
+         if (ep == null) {
+             throw new IllegalStateException(
+                     sm.getString("wsHttpUpgradeHandler.noPreInit"));
+@@ -203,7 +204,9 @@ public class WsHttpUpgradeHandler implements InternalHttpUpgradeHandler {
+ 
+     @Override
+     public void destroy() {
+	WebConnection connection = this.connection;
+         if (connection != null) {
+            this.connection = null;
+             try {
+                 connection.close();
+             } catch (Exception e) {
+diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
+index a7bb52c..a97e15d 100644
+--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
+@@ -338,6 +338,14 @@
+       </fix>
+     </changelog>
+   </subsection>
+  <subsection name="WebSocket">
+    <changelog>
+      <fix>
+	The internal upgrade handler should close the associated
+        <code>WebConnection</code> on destroy. (remm)
+      </fix>
+    </changelog>
+  </subsection>
+   <subsection name="Web applications">
+     <changlog>
+       <fix>
+-- 
+2.27.0
+
--- a/tomcat.spec
+++ b/tomcat.spec
@ -13,7 +13,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       21
+Release:       22
 Summary:       Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
 License:       ASL 2.0
 URL:           http://tomcat.apache.org/
@ -99,6 +99,7 @@ Patch6054: CVE-2021-30640-6.patch
 Patch6055: CVE-2021-30640-7.patch
 Patch6056: CVE-2021-30640-8.patch
 Patch6057: CVE-2021-41079.patch
+Patch6058: CVE-2021-42340.patch

 BuildRequires: ecj >= 1:4.6.1 findutils apache-commons-collections apache-commons-daemon
 BuildRequires: apache-commons-dbcp apache-commons-pool tomcat-taglibs-standard ant
@ -500,6 +501,9 @@ fi
 %{_javadocdir}/%{name}

 %changelog
+* Thu Oct 28 2021 liwu <liwu13@huawei.com> - 1:9.0.10-22
+- Fix CVE-2021-42340
+
 * Sat Oct 9 2021 houyingchao <houyingchao@huawei.com> - 1:9.0.10-21
 - Fix CVE-2021-41079