Author: markt Date: Mon Jun 27 09:27:06 2011 New Revision: 1140070 URL: http://svn.apache.org/viewvc?rev=1140070&view=rev Log: Fix CVE-2011-2204. Prevent user passwords appearing in log files if a runtime exception (e.g. OOME) occurs while creating a new user for a MemoryUserDatabase via JMX.
Modified:
tomcat/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
tomcat/trunk/java/org/apache/catalina/users/MemoryUser.java
tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java?rev=1140070&r1=1140069&r2=1140070&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java (original)
+++ tomcat/trunk/java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java Mon Jun 27 09:27:06 2011
@@ -173,7 +173,7 @@ public class MemoryUserDatabaseMBean ext
 MBeanUtils.createMBean(group);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception creating group " + group + " MBean");
+ ("Exception creating group [" + groupname + "] MBean");
 iae.initCause(e);
 throw iae;
 }
@@ -196,7 +196,7 @@ public class MemoryUserDatabaseMBean ext
 MBeanUtils.createMBean(role);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception creating role " + role + " MBean");
+ ("Exception creating role [" + rolename + "] MBean");
 iae.initCause(e);
 throw iae;
 }
@@ -221,7 +221,7 @@ public class MemoryUserDatabaseMBean ext
 MBeanUtils.createMBean(user);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception creating user " + user + " MBean");
+ ("Exception creating user [" + username + "] MBean");
 iae.initCause(e);
 throw iae;
 }
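Review bot: The message change in the -221 hunk carries no comment explaining why `username` is used instead of `user`, and the surrounding `catch (Exception e)` does not catch `OutOfMemoryError` (an `Error`), so this line alone does not cover the OOME case the log message names — that path depends on the rewritten `MemoryUser.toString()` elsewhere in this commit. A one-line comment on the new message line would record the intent so a later edit does not put the object back: `// Log the name only: never stringify the User/Group/Role object into a message`. The same applies to the -173 and -196 hunks here and to the six hunks from -249 through -378. As a point of style, `throw new IllegalArgumentException("Exception creating user [" + username + "] MBean", e);` replaces the three-line `iae`/`initCause`/`throw` sequence in each of these catch blocks. Each enclosing method starts outside its hunk.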
@@ -249,7 +249,7 @@ public class MemoryUserDatabaseMBean ext
 return (oname.toString());
 } catch (MalformedObjectNameException e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Cannot create object name for group " + group);
+ ("Cannot create object name for group [" + groupname + "]");
 iae.initCause(e);
 throw iae;
 }
@@ -276,7 +276,7 @@ public class MemoryUserDatabaseMBean ext
 return (oname.toString());
 } catch (MalformedObjectNameException e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Cannot create object name for role " + role);
+ ("Cannot create object name for role [" + rolename + "]");
 iae.initCause(e);
 throw iae;
 }
@@ -303,7 +303,7 @@ public class MemoryUserDatabaseMBean ext
 return (oname.toString());
 } catch (MalformedObjectNameException e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Cannot create object name for user " + user);
+ ("Cannot create object name for user [" + username + "]");
 iae.initCause(e);
 throw iae;
 }
@@ -328,7 +328,7 @@ public class MemoryUserDatabaseMBean ext
 database.removeGroup(group);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception destroying group " + group + " MBean");
+ ("Exception destroying group [" + groupname + "] MBean");
 iae.initCause(e);
 throw iae;
 }
@@ -353,7 +353,7 @@ public class MemoryUserDatabaseMBean ext
 database.removeRole(role);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception destroying role " + role + " MBean");
+ ("Exception destroying role [" + rolename + "] MBean");
 iae.initCause(e);
 throw iae;
 }
@@ -378,7 +378,7 @@ public class MemoryUserDatabaseMBean ext
 database.removeUser(user);
 } catch (Exception e) {
 IllegalArgumentException iae = new IllegalArgumentException
- ("Exception destroying user " + user + " MBean");
+ ("Exception destroying user [" + username + "] MBean");
 iae.initCause(e);
 throw iae;
 }
Modified: tomcat/trunk/java/org/apache/catalina/users/MemoryUser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/users/MemoryUser.java?rev=1140070&r1=1140069&r2=1140070&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/users/MemoryUser.java (original)
+++ tomcat/trunk/java/org/apache/catalina/users/MemoryUser.java Mon Jun 27 09:27:06 2011
@@ -257,8 +257,7 @@ public class MemoryUser extends Abstract
 * <code>username</code> or </code>name</code> for the username
 * property.</p>
 */
- @Override
- public String toString() {
+ public String toXml() {
 StringBuilder sb = new StringBuilder("<user username=\"");
 sb.append(RequestUtil.filter(username));
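Review bot: The renamed `toXml()` in the -257 hunk keeps the Javadoc that was written for `toString()` (the context lines above `public String toXml()`) and gains no statement that its output is the persisted form which, unlike the new `toString()`, presumably still carries the password attribute — the body continues outside the hunk, so that is inferred from the commit message rather than visible here. Suggest adding to that Javadoc: `<p>This is the form written to the database file and may contain the password; never use it in log or exception messages — use {@link #toString()} for that.</p>`. Dropping `@Override` is correct since `toXml` overrides nothing, and the pre-existing `</code>name</code>` in the same Javadoc looks like a typo for `<code>name</code>`.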
@@ -305,5 +304,52 @@ public class MemoryUser extends Abstract
 }
+ /**
+ * <p>Return a String representation of this user.</p>
+ */
+ @Override
+ public String toString() {
+
+ StringBuilder sb = new StringBuilder("User username=\"");
+ sb.append(RequestUtil.filter(username));
+ sb.append("\"");
+ if (fullName != null) {
+ sb.append(", fullName=\"");
+ sb.append(RequestUtil.filter(fullName));
+ sb.append("\"");
+ }
+ synchronized (groups) {
+ if (groups.size() > 0) {
+ sb.append(", groups=\"");
+ int n = 0;
+ Iterator<Group> values = groups.iterator();
+ while (values.hasNext()) {
+ if (n > 0) {
+ sb.append(',');
+ }
+ n++;
+ sb.append(RequestUtil.filter(values.next().getGroupname()));
+ }
+ sb.append("\"");
+ }
+ }
+ synchronized (roles) {
+ if (roles.size() > 0) {
+ sb.append(", roles=\"");
+ int n = 0;
+ Iterator<Role> values = roles.iterator();
+ while (values.hasNext()) {
+ if (n > 0) {
+ sb.append(',');
+ }
+ n++;
+ sb.append(RequestUtil.filter(values.next().getRolename()));
+ }
+ sb.append("\"");
+ }
+ }
+ return (sb.toString());
+ }
+
 }
Modified: tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java?rev=1140070&r1=1140069&r2=1140070&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/users/MemoryUserDatabase.java Mon Jun 27 09:27:06 2011
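Review bot: The Javadoc on the new `toString()`, `Return a String representation of this user.`, does not say that the password is deliberately left out, which is the whole point of the method and the detail a future maintainer is most likely to "fix" by adding it back. Suggest `<p>Return a String representation of this user that is safe to log: the password is intentionally omitted. Use {@link #toXml()} for the persisted form.</p>`. Minor style: `groups.size() > 0` and `roles.size() > 0` read more directly as `!groups.isEmpty()` and `!roles.isEmpty()`, and `n` is only ever used as a first-element flag in both loops.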
@@ -585,7 +585,7 @@ public class MemoryUserDatabase implemen
 values = getUsers();
 while (values.hasNext()) {
 writer.print(" ");
- writer.println(values.next());
+ writer.println(((MemoryUser) values.next()).toXml());
 }
 // Print the file epilog
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1140070&r1=1140069&r2=1140070&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 27 09:27:06 2011
@@ -148,6 +148,11 @@
 DefaultServlet was broken due to a MIME type change for JavaScript. (funkman)
 </fix>
+ <fix>
+ Fix CVE-2011-2204. Prevent user passwords appearing in log files if a
+ runtime exception (e.g. OOME) occurs while creating a new user for a
+ MemoryUserDatabase via JMX. (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
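Review bot: The cast `(MemoryUser) values.next()` in the save loop assumes every `User` returned by `getUsers()` is a `MemoryUser`; that presumably holds because this class creates its own users, but nothing on the line says so, and a foreign `User` implementation would now abort the save with a `ClassCastException` where it previously printed `toString()`. Suggest a comment on the new line: `// Users are always MemoryUser instances created here; toXml() is the persisted form (toString() deliberately omits the password)`. The enclosing save method starts and ends outside the hunk.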