Projects
openEuler:24.03:SP1:Everything
tomcat
_service:tar_scm:CVE-2023-41080.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2023-41080.patch of Package tomcat
From 77c0ce2d169efa248b64b992e547aad549ec906b Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Tue, 22 Aug 2023 11:31:23 -0700 Subject: [PATCH] Avoid protocol relative redirects Origin: https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b --- .../apache/catalina/authenticator/FormAuthenticator.java | 6 ++++++ webapps/docs/changelog.xml | 3 +++ 2 files changed, 9 insertions(+) diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java index a57db51776b..d54cc62182e 100644 --- a/java/org/apache/catalina/authenticator/FormAuthenticator.java +++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java @@ -747,6 +747,12 @@ protected String savedRequestURL(Session session) { sb.append('?'); sb.append(saved.getQueryString()); } + + // Avoid protocol relative redirects + while (sb.length() > 1 && sb.charAt(1) == '/') { + sb.deleteCharAt(0); + } + return sb.toString(); } }
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2