[SCM] tomcat6 packaging branch, master, updated. debian/6.0.35-5+nmu1-5-g62b0e7f
tony mancill
tmancill at debian.org
Sat Dec 8 04:38:45 UTC 2012
The following commit has been merged in the master branch:
commit 6ecf50f713796580a36be0c6b24cf2ba10ab714c
Author: tony mancill <tmancill at debian.org>
Date: Thu Dec 6 21:38:51 2012 -0800
patch for CVE-2012-4431
diff --git a/debian/patches/0015-CVE-2012-4431.patch b/debian/patches/0015-CVE-2012-4431.patch
new file mode 100644
index 0000000..8ad8d2e
--- /dev/null
+++ b/debian/patches/0015-CVE-2012-4431.patch
@@ -0,0 +1,51 @@
+Description: Improve session management in CsrfPreventionFilter (kkolinko)
+ It is a fix for CVE-2012-4431.
+Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1394456&r2=1394455&pathrev=1394456
+
+--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
++++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+@@ -33,6 +33,7 @@
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpServletResponse;
+ import javax.servlet.http.HttpServletResponseWrapper;
++import javax.servlet.http.HttpSession;
+
+ import org.apache.juli.logging.Log;
+ import org.apache.juli.logging.LogFactory;
+@@ -153,16 +154,19 @@
+ }
+ }
+
++ HttpSession session = req.getSession(false);
++
+ @SuppressWarnings("unchecked")
+- LruCache<String> nonceCache =
+- (LruCache<String>) req.getSession(true).getAttribute(
+- Constants.CSRF_NONCE_SESSION_ATTR_NAME);
+-
++ LruCache<String> nonceCache = (session == null) ? null
++ : (LruCache<String>) session.getAttribute(
++ Constants.CSRF_NONCE_SESSION_ATTR_NAME);
++
+ if (!skipNonceCheck) {
+ String previousNonce =
+ req.getParameter(Constants.CSRF_NONCE_REQUEST_PARAM);
+
+- if (nonceCache != null && !nonceCache.contains(previousNonce)) {
++ if (nonceCache == null || previousNonce == null ||
++ !nonceCache.contains(previousNonce)) {
+ res.sendError(HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+@@ -170,7 +174,10 @@
+
+ if (nonceCache == null) {
+ nonceCache = new LruCache<String>(nonceCacheSize);
+- req.getSession().setAttribute(
++ if (session == null) {
++ session = req.getSession(true);
++ }
++ session.setAttribute(
+ Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache);
+ }
+
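Review bot: The reason for switching from `req.getSession(true)` to `req.getSession(false)` and for rejecting a request whose `nonceCache` is null lives only in the patch header, not in the code, so a later maintainer reading doFilter sees a 403 for a first request with no session and has nothing stopping them from restoring the eager session creation. I would add a why-comment above the new `HttpSession session = req.getSession(false);` line: `// Do not create a session just to look up the nonce cache: a request with no session cannot carry a valid nonce and is rejected below; only entry points (skipNonceCheck) may create one.` The `previousNonce == null` term in the new guard could use a short note too, since `LruCache.contains` is outside the hunk and it is not visible here whether it tolerates a null key. The enclosing doFilter method begins and ends outside this hunk.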
diff --git a/debian/patches/series b/debian/patches/series
index b8bf1ac..833be91 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@
cve-2012-2733.patch
cve-2012-3439.patch
0014-CVE-2012-4534.patch
+0015-CVE-2012-4431.patch