File _service:tar_scm:CVE-2020-1938-4.patch of Package tomcat
From 5716044b61cb5b638d8f0de848ac64df03184bc7 Mon Sep 17 00:00:00 2001
From: wang_yue111 <wangyue92@huawei.com>
Date: Mon, 18 May 2020 15:23:19 +0800
Subject: [PATCH] 3
---
 conf/server.xml | 5 ++++-
 .../apache/coyote/ajp/AbstractAjpProtocol.java | 18 +++++++++---------
 java/org/apache/coyote/ajp/AjpProcessor.java | 2 +-
 webapps/docs/config/ajp.xml | 2 +-
 4 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/conf/server.xml b/conf/server.xml
index fce8922..81a4e16 100644
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -113,7 +113,10 @@
 -->
 <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+ <Connector protocol="AJP/1.3"
+ address="::1"
+ port="8009"
+ redirectPort="8443" />
 <!-- An Engine represents the entry point (within Catalina) that processes
diff --git a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
index a2f5e28..0bbd1e6 100644
--- a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
+++ b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
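Review bot: In the conf/server.xml hunk the AJP connector stays enabled by default and `address="::1"` binds it to the IPv6 loopback only, which the comment above it does not mention. On a host with IPv6 disabled the connector will likely fail to bind, and a local front end that proxies to 127.0.0.1:8009 would no longer reach it. I would extend the comment to say so, for example `<!-- Define an AJP 1.3 Connector on port 8009, bound to the IPv6 loopback; set address explicitly if the proxy connects over IPv4 or from another host -->`. Since the AJP connector accepts request attributes from whatever peer connects, it is also worth considering whether the package should ship this connector commented out unless it is needed.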
@@ -189,15 +189,15 @@ public abstract class AbstractAjpProtocol<S> extends AbstractProtocol<S> {
 }
- private Pattern allowedArbitraryRequestAttributesPattern;
- public void setAllowedArbitraryRequestAttributes(String allowedArbitraryRequestAttributes) {
- this.allowedArbitraryRequestAttributesPattern = Pattern.compile(allowedArbitraryRequestAttributes);
- }
- public String getAllowedArbitraryRequestAttributes() {
- return allowedArbitraryRequestAttributesPattern.pattern();
- }
- protected Pattern getAllowedArbitraryRequestAttributesPattern() {
- return allowedArbitraryRequestAttributesPattern;
+ private Pattern allowedRequestAttributesPattern;
+ public void setAllowedRequestAttributesPattern(String allowedRequestAttributesPattern) {
+ this.allowedRequestAttributesPattern = Pattern.compile(allowedRequestAttributesPattern);
+ }
+ public String getAllowedRequestAttributesPattern() {
+ return allowedRequestAttributesPattern.pattern();
+ }
+ protected Pattern getAllowedRequestAttributesPatternInternal() {
+ return allowedRequestAttributesPattern;
 }
diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java
index cc11a20..bf2cf86 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -746,7 +746,7 @@ public class AjpProcessor extends AbstractProcessor {
 } else {
 // All 'known' attributes will be processed by the previous
 // blocks. Any remaining attribute is an 'arbitrary' one.
- Pattern pattern = protocol.getAllowedArbitraryRequestAttributesPattern();
+ Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal();
 if (pattern == null) {
 response.setStatus(403);
 setErrorState(ErrorState.CLOSE_CLEAN, null);
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 17107e4..622e7ca 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
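Review bot: In the AbstractAjpProtocol.java hunk, `getAllowedRequestAttributesPattern()` dereferences `allowedRequestAttributesPattern` unconditionally, so reading the property before it has been configured throws a NullPointerException, even though the AjpProcessor call site in this same patch treats a null pattern as the normal "nothing allowed" state. The getter could mirror that: `return allowedRequestAttributesPattern == null ? null : allowedRequestAttributesPattern.pattern();`. Because the public setter is renamed, an existing server.xml that still uses `allowedArbitraryRequestAttributes` will presumably stop reaching this field (depending on how connector attributes are mapped to setters, which is not visible here), and arbitrary attributes would then be rejected with 403; that fails closed, but it deserves a line in the package changelog. The class body continues outside the hunk.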
@@ -311,7 +311,7 @@ port. By default, the loopback address will be used.</p> </attribute> - <attribute name="allowedArbitraryRequestAttributes" required="false"> + <attribute name="allowedRequestAttributesPattern" required="false"> <p>The AJP protocol passes some information from the reverse proxy to the AJP connector using request attributes. These attributes are:</p> <ul> -- 2.23.0