[tomcat6/f15] patch for cve-2011-2204
Dave Knox
dknox at fedoraproject.org
Wed Jun 29 22:21:48 UTC 2011
commit 50a6eaed214825b0909cb6bce457596aa898afd5
Author: David Knox <dknox at dknox.(none)>
Date: Wed Jun 29 16:21:28 2011 -0600
patch for cve-2011-2204
tomcat6-6.0.32-CVE-2011-2204-rhbz-717016.patch | 157 ++++++++++++++++++++++++
1 files changed, 157 insertions(+), 0 deletions(-)
---
diff --git a/tomcat6-6.0.32-CVE-2011-2204-rhbz-717016.patch b/tomcat6-6.0.32-CVE-2011-2204-rhbz-717016.patch
new file mode 100644
index 0000000..f6ba43b
--- /dev/null
+++ b/tomcat6-6.0.32-CVE-2011-2204-rhbz-717016.patch
@@ -0,0 +1,157 @@
+--- java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java.orig 2011-06-28 09:28:45.429760363 -0600
++++ java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java 2011-06-28 10:12:42.771759755 -0600
+@@ -180,7 +180,7 @@
+ MBeanUtils.createMBean(group);
+ } catch (Exception e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Exception creating group " + group + " MBean");
++ ("Exception creating group " + groupname + " MBean");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -203,7 +203,7 @@
+ MBeanUtils.createMBean(role);
+ } catch (Exception e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Exception creating role " + role + " MBean");
++ ("Exception creating role " + rolename + " MBean");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -228,7 +228,7 @@
+ MBeanUtils.createMBean(user);
+ } catch (Exception e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Exception creating user " + user + " MBean");
++ ("Exception creating user " + username + " MBean");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -256,7 +256,7 @@
+ return (oname.toString());
+ } catch (MalformedObjectNameException e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Cannot create object name for group " + group);
++ ("Cannot create object name for group [" + groupname + "]");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -283,7 +283,7 @@
+ return (oname.toString());
+ } catch (MalformedObjectNameException e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Cannot create object name for role " + role);
++ ("Cannot create object name for role [" + rolename + "]");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -310,7 +310,7 @@
+ return (oname.toString());
+ } catch (MalformedObjectNameException e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Cannot create object name for user " + user);
++ ("Cannot create object name for user [" + username + "]");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -335,7 +335,7 @@
+ database.removeGroup(group);
+ } catch (Exception e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Exception destroying group " + group + " MBean");
++ ("Exception destroying group [" + groupname + "] MBean");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -360,7 +360,7 @@
+ database.removeRole(role);
+ } catch (Exception e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Exception destroying role " + role + " MBean");
++ ("Exception destroying role [" + role + "] MBean");
+ iae.initCause(e);
+ throw iae;
+ }
+@@ -385,7 +385,7 @@
+ database.removeUser(user);
+ } catch (Exception e) {
+ IllegalArgumentException iae = new IllegalArgumentException
+- ("Exception destroying user " + user + " MBean");
++ ("Exception destroying user [" + username + "] MBean");
+ iae.initCause(e);
+ throw iae;
+ }
+--- java/org/apache/catalina/users/MemoryUser.java.orig 2011-06-28 09:28:55.576760342 -0600
++++ java/org/apache/catalina/users/MemoryUser.java 2011-06-28 10:00:15.373759897 -0600
+@@ -246,7 +246,7 @@
+ * <code>username</code> or </code>name</code> for the username
+ * property.</p>
+ */
+- public String toString() {
++ public String toXml() {
+
+ StringBuffer sb = new StringBuffer("<user username=\"");
+ sb.append(RequestUtil.filter(username));
+@@ -293,5 +293,51 @@
+
+ }
+
++ /**
++ * <p>Return a String representation of this user.</p>
++ */
++ @Override
++ public String toString() {
++
++ StringBuilder sb = new StringBuilder("User username=\"");
++ sb.append(RequestUtil.filter(username));
++ sb.append("\"");
++ if ( fullName != null) {
++ sb.append(", fullName=\"");
++ sb.append(RequestUtil.filter(fullName));
++ sb.append("\"");
++ }
++ synchronized (groups) {
++ if (groups.size() > 0) {
++ sb.append(", groups=\"");
++ int n = 0;
++ Iterator<Group> values = groups.iterator();
++ while (values.hasNext()) {
++ if (n > 0) {
++ sb.append(',');
++ }
++ n++;
++ sb.append(RequestUtil.filter(values.next().getGroupname()));
++ }
++ sb.append("\"");
++ }
++ }
++ synchronized (roles) {
++ if (roles.size() > 0) {
++ sb.append(", roles=\"");
++ int n = 0;
++ Iterator<Role> values = roles.iterator();
++ while (values.hasNext()) {
++ if (n > 0) {
++ sb.append(',');
++ }
++ n++;
++ sb.append(RequestUtil.filter(values.next().getRolename()));
++ }
++ sb.append("\"");
++ }
++ }
++ return (sb.toString());
++ }
+
+ }
+--- java/org/apache/catalina/users/MemoryUserDatabase.java.orig 2011-06-28 09:29:08.873760339 -0600
++++ java/org/apache/catalina/users/MemoryUserDatabase.java 2011-06-28 09:30:30.370760318 -0600
+@@ -549,7 +549,7 @@
+ values = getUsers();
+ while (values.hasNext()) {
+ writer.print(" ");
+- writer.println(values.next());
++ writer.println(((MemoryUser) values.next()).toXml());
+ }
+
+ // Print the file epilog
More information about the scm-commits
mailing list