Projects
Mega:24.03:SP1:Everything
tomcat
_service:tar_scm:CVE-2022-23181.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2022-23181.patch of Package tomcat
From 1385c624b4a1e994426e810075c850edc38a700e Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Wed, 12 Jan 2022 11:11:29 +0000 Subject: [PATCH] Make calculation of session storage location more robust --- java/org/apache/catalina/session/FileStore.java | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/session/FileStore.java b/java/org/apache/catalina/session/FileStore.java index cac6027abdc..e42a72a4c87 100644 --- a/java/org/apache/catalina/session/FileStore.java +++ b/java/org/apache/catalina/session/FileStore.java @@ -349,13 +349,14 @@ private File file(String id) throws IOException { String filename = id + FILE_EXT; File file = new File(storageDir, filename); + File canonicalFile = file.getCanonicalFile(); // Check the file is within the storage directory - if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) { + if (!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) { log.warn(sm.getString("fileStore.invalid", file.getPath(), id)); return null; } - return file; + return canonicalFile; } }
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2