tomcat/CVE-2024-52318.patch
wk333 6aaef1d760 Fix CVE-2024-52318
(cherry picked from commit f6da21ee4a0a0605f41c9c798d211fbae42d4215)
2024-11-19 17:09:20 +08:00


From 9813c5dd3259183f659bbb83312a5cf673cc1ebf Mon Sep 17 00:00:00 2001
From: remm <remm@apache.org>
Date: Tue, 15 Oct 2024 21:51:33 +0200
Subject: [PATCH] Fix JSP tag release
Origin: https://github.com/apache/tomcat/commit/9813c5dd3259183f659bbb83312a5cf673cc1ebf
BZ 69399: Fix regression caused by the improvement 69333 which caused
the tag release() to be called when using tag pooling, and to be
skipped when not using it.
Patch submitted by Michal Sobkiewicz.
---
.../org/apache/jasper/compiler/Generator.java | 2 +-
.../apache/jasper/compiler/TestGenerator.java | 51 +++++++++++++++++++
test/webapp/WEB-INF/bugs.tld | 5 ++
test/webapp/jsp/generator/release.jsp | 18 +++++++
webapps/docs/changelog.xml | 10 ++++
5 files changed, 85 insertions(+), 1 deletion(-)
create mode 100644 test/webapp/jsp/generator/release.jsp
diff --git a/java/org/apache/jasper/compiler/Generator.java b/java/org/apache/jasper/compiler/Generator.java
index 814c8bb9fe50..5df52c3d7adc 100644
--- a/java/org/apache/jasper/compiler/Generator.java
+++ b/java/org/apache/jasper/compiler/Generator.java
@@ -2603,7 +2603,7 @@ private void generateCustomEnd(Node.CustomTag n, String tagHandlerVar,
out.print(".reuse(");
out.print(tagHandlerVar);
out.println(");");
-
+ } else {
// Clean-up
out.printin("org.apache.jasper.runtime.JspRuntimeLibrary.releaseTag(");
out.print(tagHandlerVar);
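Review bot: The new `} else {` after the `reuse(...)` emission has no comment stating why the two clean-up paths must be mutually exclusive, which is the invariant this fix restores. A handler handed back to the pool with `reuse()` can be given out again, so emitting `releaseTag` for it on the same path resets an object that may be reused, while per the commit message the non-pooled path skipped release entirely. I would put `// Pooled handlers go back to the pool via reuse(); only handlers that are not pooled are released here` above the `// Clean-up` line. The `if` condition and the closing brace of the new `else` are outside the hunk, so the exact pooling condition should be confirmed there.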
diff --git a/test/org/apache/jasper/compiler/TestGenerator.java b/test/org/apache/jasper/compiler/TestGenerator.java
index f7e3223e331a..087936cd6eb2 100644
--- a/test/org/apache/jasper/compiler/TestGenerator.java
+++ b/test/org/apache/jasper/compiler/TestGenerator.java
@@ -526,6 +526,25 @@ public void setData(String data) {
}
}
+ private static boolean tagTesterTagReleaseReleased = false;
+
+ public static class TesterTagRelease extends TesterTag {
+ private String data;
+
+ public String getData() {
+ return data;
+ }
+
+ public void setData(String data) {
+ this.data = data;
+ }
+
+ @Override
+ public void release() {
+ tagTesterTagReleaseReleased = true;
+ }
+ }
+
public static class DataPropertyEditor extends PropertyEditorSupport {
}
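Review bot: `tagTesterTagReleaseReleased` is a plain `static boolean` that `TesterTagRelease.release()` writes, presumably on a container request thread, and that the test thread reads afterwards, so nothing guarantees the write is visible to the assertion. Declaring it as `private static volatile boolean tagTesterTagReleaseReleased = false;` removes that dependency on timing. `release()` also does not call `super.release()`; if `TesterTag`, which is defined outside this hunk, clears state in its own `release()`, that call should be added.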
@@ -947,6 +966,38 @@ public void testBug65390() throws Exception {
Assert.assertEquals(body.toString(), HttpServletResponse.SC_OK, rc);
}
+ @Test
+ public void testTagReleaseWithPooling() throws Exception {
+ doTestTagRelease(true);
+ }
+
+ @Test
+ public void testTagReleaseWithoutPooling() throws Exception {
+ doTestTagRelease(false);
+ }
+
+ public void doTestTagRelease(boolean enablePooling) throws Exception {
+ tagTesterTagReleaseReleased = false;
+ Tomcat tomcat = getTomcatInstance();
+
+ File appDir = new File("test/webapp");
+ Context ctxt = tomcat.addContext("", appDir.getAbsolutePath());
+ ctxt.addServletContainerInitializer(new JasperInitializer(), null);
+
+ Tomcat.initWebappDefaults(ctxt);
+ Wrapper w = (Wrapper) ctxt.findChild("jsp");
+ w.addInitParameter("enablePooling", String.valueOf(enablePooling));
+
+ tomcat.start();
+
+ getUrl("http://localhost:" + getPort() + "/jsp/generator/release.jsp");
+ if (enablePooling) {
+ Assert.assertFalse(tagTesterTagReleaseReleased);
+ } else {
+ Assert.assertTrue(tagTesterTagReleaseReleased);
+ }
+ }
+
private void doTestJsp(String jspName) throws Exception {
doTestJsp(jspName, HttpServletResponse.SC_OK);
}
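Review bot: `doTestTagRelease` discards the result of `getUrl(...)`, so in the pooling case `Assert.assertFalse(tagTesterTagReleaseReleased)` also passes when release.jsp fails to compile or returns an error and the tag never runs. The test should check the status first, following the `Assert.assertEquals(body.toString(), HttpServletResponse.SC_OK, rc);` line visible at the top of this hunk, assuming the `getUrl` overload that returns the status code is available as that test suggests. The helper can also be `private`, like `doTestJsp` directly below it.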
diff --git a/test/webapp/WEB-INF/bugs.tld b/test/webapp/WEB-INF/bugs.tld
index 81d050e284fa..a4e496a83357 100644
--- a/test/webapp/WEB-INF/bugs.tld
+++ b/test/webapp/WEB-INF/bugs.tld
@@ -108,6 +108,11 @@
<tag-class>org.apache.jasper.compiler.TestGenerator$TesterTagA</tag-class>
<body-content>JSP</body-content>
</tag>
+ <tag>
+ <name>TesterTagRelease</name>
+ <tag-class>org.apache.jasper.compiler.TestGenerator$TesterTagRelease</tag-class>
+ <body-content>JSP</body-content>
+ </tag>
<tag>
<name>TesterScriptingTag</name>
<tag-class>org.apache.jasper.compiler.TestGenerator$TesterScriptingTag</tag-class>
diff --git a/test/webapp/jsp/generator/release.jsp b/test/webapp/jsp/generator/release.jsp
new file mode 100644
index 000000000000..ae2d1d19f09a
--- /dev/null
+++ b/test/webapp/jsp/generator/release.jsp
@@ -0,0 +1,18 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<%@ taglib uri="http://tomcat.apache.org/bugs" prefix="bugs" %>
+<bugs:TesterTagRelease/>
\ No newline at end of file
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 72932e81a5c2..4d34ec5008b5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -173,6 +173,16 @@
</fix>
</changelog>
</subsection>
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>69399</bug>: Fix regression caused by the improvement
+ <bug>69333</bug> which caused the tag <code>release</code> to be called
+ when using tag pooling, and to be skipped when not using it.
+ Patch submitted by Michal Sobkiewicz. (remm)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>