Author: markt
Date: Fri Sep 22 10:18:29 2017
New Revision: 1809293

URL: http://svn.apache.org/viewvc?rev=1809293&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
Remainder of fix for CVE-2017-12617
This ensures that a path specified for creation of a file does not end in '/' 
since that is dropped by the File API.
Modified:
    tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
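The root cause named in the log, the File API silently dropping a trailing '/', is easy to see in a few lines. The following stand-alone program is an added illustration, not Tomcat code and not part of this commit; the class name, the method names and the constructed input `test.jsp/` are assumptions chosen for the demo. It shows the unguarded behaviour (a name that does not end in `.jsp` still produces `test.jsp` on disk) beside a guard of the same shape as the one added to `bind()`:

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added example (not Tomcat code): demonstrates why a name ending in '/'
// must be rejected before it reaches java.io.File, which normalises the
// trailing separator away. Names and messages here are illustrative.
public class TrailingSlashBindDemo {

    // What java.io.File does with "test.jsp/": the trailing separator is
    // dropped during normalisation, so the File refers to test.jsp.
    static String nameAsSeenByFileApi(File base, String name) {
        return new File(base, name).getName();
    }

    // Guarded create, mirroring the check added to FileDirContext.bind():
    // reject the trailing '/' before the File API can drop it.
    // The exception type and message are our choice for the demo.
    static File createFileStrict(File base, String name) throws IOException {
        if (name.endsWith("/")) {
            throw new IOException("refusing to create a file from a name ending in '/': " + name);
        }
        File f = new File(base, name);
        if (!f.createNewFile()) {
            throw new IOException("already exists: " + f);
        }
        return f;
    }

    public static void main(String[] args) throws IOException {
        File base = Files.createTempDirectory("docroot").toFile();
        base.deleteOnExit();

        // Constructed input: "test.jsp/" does not end with ".jsp", so a suffix
        // check on the raw name misses it, yet the File API creates test.jsp.
        String requested = "test.jsp/";

        System.out.println("File API sees: " + nameAsSeenByFileApi(base, requested));

        // Unguarded behaviour: the file test.jsp is created anyway.
        File leaked = new File(base, requested);
        System.out.println("unguarded createNewFile -> " + leaked.createNewFile() + " at " + leaked);
        leaked.delete();

        // Guarded behaviour: the request is rejected before any file is created.
        try {
            createFileStrict(base, requested);
        } catch (IOException e) {
            System.out.println("guarded: " + e.getMessage());
        }

        // A normal name still works through the guard.
        File ok = createFileStrict(base, "index.jsp");
        System.out.println("guarded ok: " + ok.getName());
        ok.delete();
    }
}
```

Compile and run it with `javac TrailingSlashBindDemo.java && java TrailingSlashBindDemo`; the point to take away is that the guard has to run on the name as the client supplied it, before any `File` object is constructed, because after construction the trailing separator is gone and cannot be detected.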

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=1809293&r1=1809292&r2=1809293&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java 
Fri Sep 22 10:18:29 2017
@@ -476,11 +476,16 @@ public class FileDirContext extends Base
      * @exception NamingException if a naming exception is encountered
      */
     @Override
-    public void bind(String name, Object obj, Attributes attrs)
-        throws NamingException {
+    public void bind(String name, Object obj, Attributes attrs) throws 
NamingException {
 
         // Note: No custom attributes allowed
 
+        // bind() is meant to create a file so ensure that the path doesn't end
+        // in '/'
+        if (name.endsWith("/")) {
+            throw new NamingException(sm.getString("resources.bindFailed", 
name));
+        }
+
         File file = file(name, false);
         if (file == null) {
             throw new NamingException(sm.getString("resources.bindFailed", 
name));
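Review bot: the new `if (name.endsWith("/"))` branch throws with the same `resources.bindFailed` message as the `file == null` case directly below it, so a reader of the exception cannot tell a rejected trailing slash from a name that simply failed to resolve; a dedicated message key saying the name must not end in '/' would make the rejection diagnosable. Two smaller points: the re-wrap of `public void bind(String name, Object obj, Attributes attrs) throws NamingException {` onto a single line is an unrelated formatting change inside a security backport and could stay on its original two lines to keep the diff minimal; and since the check is applied to the raw `name` before `file(name, false)`, it is worth confirming that every other entry point in this class that creates a file from a caller-supplied name (rebind(), for instance) already has the same guard from the earlier part of the fix, as the log describes this commit as only the remainder.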

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1809293&r1=1809292&r2=1809293&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Sep 22 10:18:29 2017
@@ -90,6 +90,11 @@
         <code>DirContext</code> that represented the web application in a
         <code>ProxyDirContext</code> twice rather than just once. (markt)
       </fix>
+      <fix>
+        <bug>61542</bug>: Fix CVE-2017-12617 and prevent JSPs from being
+        uploaded via a specially crafted request when HTTP PUT was enabled.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
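Review bot: the changelog entry states the outcome (JSPs no longer uploadable via a crafted PUT) but not what this commit changes, and since the log calls it the remainder of the fix for CVE-2017-12617, a reader cannot map the entry to the code; adding a clause such as "bind() now rejects a path that ends in '/' since the File API drops it" would tie the entry to the `FileDirContext` change in this same commit.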



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org