Projects
openEuler:24.03:SP1:Everything
tomcat
_service:tar_scm:CVE-2021-30640-2.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2021-30640-2.patch of Package tomcat
From f9a89674c08b55677424df7bd41685e72316e6bf Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Tue, 13 Apr 2021 11:35:07 +0100 Subject: [PATCH] Rename for clarity --- java/org/apache/catalina/realm/JNDIRealm.java | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index 54921dc..b60f393 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1942,7 +1942,7 @@ System.out.println("userRoleName " + userRoleName + " " + attrs.get(userRoleName return list; // Set up parameters for an appropriate search - String filter = connection.roleFormat.format(new String[] { doRFC2254Encoding(dn), username, userRoleId }); + String filter = connection.roleFormat.format(new String[] { doFilterEscaping(dn), username, userRoleId }); SearchControls controls = new SearchControls(); if (roleSubtree) controls.setSearchScope(SearchControls.SUBTREE_SCOPE); @@ -2010,7 +2010,7 @@ System.out.println("userRoleName " + userRoleName + " " + attrs.get(userRoleName Map<String, String> newThisRound = new HashMap<>(); // Stores the groups we find in this iteration for (Entry<String, String> group : newGroups.entrySet()) { - filter = connection.roleFormat.format(new String[] { doRFC2254Encoding(group.getKey()), + filter = connection.roleFormat.format(new String[] { doFilterEscaping(group.getKey()), group.getValue(), group.getValue() }); if (containerLog.isTraceEnabled()) { @@ -2730,10 +2730,36 @@ System.out.println("userRoleName " + userRoleName + " " + attrs.get(userRoleName * ) -> \29 * \ -> \5c * \0 -> \00 + * * @param inString string to escape according to RFC 2254 guidelines + * * @return String the escaped/encoded result + * + * @deprecated Will be removed in Tomcat 10.1.x onwards */ + @Deprecated protected String doRFC2254Encoding(String inString) { + return doFilterEscaping(inString); + } + + + /** + * Given an LDAP search string, returns the string with certain characters + * escaped according to RFC 2254 guidelines. + * The character mapping is as follows: + * char -> Replacement + * --------------------------- + * * -> \2a + * ( -> \28 + * ) -> \29 + * \ -> \5c + * \0 -> \00 + * + * @param inString string to escape according to RFC 2254 guidelines + * + * @return String the escaped/encoded result + */ + protected String doFilterEscaping(String inString) { StringBuilder buf = new StringBuilder(inString.length()); for (int i = 0; i < inString.length(); i++) { char c = inString.charAt(i); -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2