packages/tomcat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
tomcat/CVE-2021-41079.patch
wk333 8f55dc4d12 Refix CVE-2021-41079
2022-04-27 10:51:59 +08:00

43 lines
2.0 KiB
Diff
Raw Blame History

From d4b340fa8feaf55831f9a59350578f7b6ca048b8 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Wed, 3 Mar 2021 12:00:46 +0000
Subject: [PATCH] Improve robustness
---
.../apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 1919159..1ab5f43 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -52,6 +52,7 @@ engine.nullCipherSuite=Null cipher suite
engine.unsupportedCipher=Unsupported cipher suite: [{0}] [{1}]
engine.emptyCipherSuite=Empty cipher suite
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
+engine.failedToReadAvailableBytes=There are plain text bytes available to read but no bytes were read
engine.unsupportedProtocol=Protocol [{0}] is not supported
engine.unverifiedPeer=Peer unverified
engine.noSession=SSL session ID not available
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 15c6f56..b837fd6 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -593,8 +593,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
throw new SSLException(e);
}
- if (bytesRead == 0) {
- break;
+ if (bytesRead <= 0) {
+ // This should not be possible. pendingApp is positive
+ // therefore the read should have read at least one byte.
+ throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
}
bytesProduced += bytesRead;
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink