packages/tomcat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!12 fix CVE-2020-17527

Browse Source 
From: @zhanghua1831
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2020-12-15 16:09:00 +08:00 committed by Gitee
commit a4060beb73
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
CVE-2020-17527.patch Normal file
View File

@ -0,0 +1,47 @@
From d56293f816d6dc9e2b47107f208fa9e95db58c65 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 9 Nov 2020 19:23:12 +0000
Subject: [PATCH] Fix BZ 64830 - concurrency issue in HPACK decoder
https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
---
java/org/apache/coyote/http2/HpackDecoder.java | 12 ++++--------
1 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/coyote/http2/HpackDecoder.java b/java/org/apache/coyote/http2/HpackDecoder.java
index 551101b33a..517dc0b4ae 100644
--- a/java/org/apache/coyote/http2/HpackDecoder.java
+++ b/java/org/apache/coyote/http2/HpackDecoder.java
@@ -72,8 +72,6 @@
private volatile boolean countedCookie;
private volatile int headerSize = 0;
- private final StringBuilder stringBuilder = new StringBuilder();
-
HpackDecoder(int maxMemorySize) {
this.maxMemorySizeHard = maxMemorySize;
this.maxMemorySizeSoft = maxMemorySize;
@@ -222,19 +220,17 @@ private String readHpackString(ByteBuffer buffer) throws HpackException {
if (huffman) {
return readHuffmanString(length, buffer);
}
+ StringBuilder stringBuilder = new StringBuilder(length);
for (int i = 0; i < length; ++i) {
stringBuilder.append((char) buffer.get());
}
- String ret = stringBuilder.toString();
- stringBuilder.setLength(0);
- return ret;
+ return stringBuilder.toString();
}
private String readHuffmanString(int length, ByteBuffer buffer) throws HpackException {
+ StringBuilder stringBuilder = new StringBuilder(length);
HPackHuffman.decode(buffer, length, stringBuilder);
- String ret = stringBuilder.toString();
- stringBuilder.setLength(0);
- return ret;
+ return stringBuilder.toString();
}
private String handleIndexedHeaderName(int index) throws HpackException {

9
tomcat.spec
View File

@ -13,7 +13,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
Release: 15
Release: 16
Summary: Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
License: ASL 2.0
URL: http://tomcat.apache.org/
@ -74,6 +74,7 @@ Patch6028: CVE-2020-13943-1.patch
Patch6029: CVE-2020-13943-2.patch
Patch6030: CVE-2020-13943-3.patch
Patch6031: CVE-2020-13943-4.patch
Patch6032: CVE-2020-17527.patch
BuildRequires: ecj >= 1:4.6.1 findutils apache-commons-collections apache-commons-daemon
BuildRequires: apache-commons-dbcp apache-commons-pool tomcat-taglibs-standard ant
@ -475,6 +476,12 @@ fi
%{_javadocdir}/%{name}
%changelog
* Sat Dec 12 2020 zhanghua <zhanghua40@huawei.com> - 1:9.0.10-16
- Type:cve
- ID: CVE-2020-17527
- SUG:restart
- DESC: fix CVE-2020-17527
* Wed Dec 2 2020 jialei <jialei17@huawei.com> - 1:9.0.10-15
- Type:cves
- ID: CVE-2020-13943