Projects
home:Eustace:branches:Eulaceura:Factory
tomcat
_service:obs_scm:CVE-2021-30640-3.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:CVE-2021-30640-3.patch of Package tomcat
From 2e3924d0a8372ced148b42016432c038dd1ae487 Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Tue, 13 Apr 2021 11:43:51 +0100 Subject: [PATCH] Expand tests and fix escaping issue when searching for users by filter --- java/org/apache/catalina/realm/JNDIRealm.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index b60f393..dcec473 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1648,7 +1648,9 @@ public class JNDIRealm extends RealmBase { return null; // Form the search filter - String filter = connection.userSearchFormat.format(new String[] { username }); + // Escape in case username contains a character with special meaning in + // a search filter. + String filter = connection.userSearchFormat.format(new String[] { doFilterEscaping(username) }); // Set up the search controls SearchControls constraints = new SearchControls(); @@ -1913,6 +1915,8 @@ System.out.println("userRoleName " + userRoleName + " " + attrs.get(userRoleName if (user == null) return null; + // This is returned from the directory so will be attribute value + // escaped if required String dn = user.getDN(); String username = user.getUserName(); String userRoleId = user.getUserRoleId(); -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2