[tomcat6/f13/master] Resolves rhbz 674601 JDK Double.parseDouble DoS

Thu Feb 3 17:15:42 UTC 2011

commit 6acca33adacbda700aea0be3c1fca1360f047af4
Author: david knox <dknox at 78-97-42-72.skybeam.com>
Date:   Thu Feb 3 10:11:03 2011 -0700

    Resolves rhbz 674601 JDK Double.parseDouble DoS

 tomcat6-6.0-rhbz674601.patch |   16 ++++++++++++++++
 tomcat6.spec                 |    7 ++++++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---

diff --git a/tomcat6-6.0-rhbz674601.patch b/tomcat6-6.0-rhbz674601.patch
new file mode 100644
index 0000000..4a4c313
--- /dev/null
+++ b/tomcat6-6.0-rhbz674601.patch
@@ -0,0 +1,16 @@
+--- java/org/apache/catalina/connector/Request.java.orig	2011-02-03 09:20:32.284215218 -0700
++++ java/org/apache/catalina/connector/Request.java	2011-02-03 09:22:03.149207745 -0700
+@@ -2701,7 +2701,12 @@
+             int semi = entry.indexOf(";q=");
+             if (semi >= 0) {
+                 try {
+-                    quality = Double.parseDouble(entry.substring(semi + 3));
++                    String strQuality = entry.substring(semi + 3);
++                    if (strQuality.length() <= 5) {
++                        quality = Double.parseDouble(strQuality);
++                    } else {
++                        quality = 0.0;
++                    }
+                 } catch (NumberFormatException e) {
+                     quality = 0.0;
+                 }
diff --git a/tomcat6.spec b/tomcat6.spec
index 295cff9..f077d1d 100644
--- a/tomcat6.spec
+++ b/tomcat6.spec
@@ -55,7 +55,7 @@
 Name: tomcat6
 Epoch: 0
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 13%{?dist}
+Release: 14%{?dist}
 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 Group: Networking/Daemons
@@ -75,6 +75,7 @@ Source10: %{name}-%{major_version}.%{minor_version}-log4j.properties
 Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
 Patch2: %{name}-%{major_version}.%{minor_version}-CVE-2010-2227.patch
+Patch3: %{name}-%{major_version}.%{minor_version}-rhbz674601.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildArch: noarch
 BuildRequires: ant
@@ -221,6 +222,7 @@ pushd %{packdname}
 %patch0 -p0
 %patch1 -p0
 %patch2 -p0
+%patch3 -p0
 %{__ln_s} $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar
 %{__ln_s} $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar
 popd
@@ -629,6 +631,9 @@ fi
 %{appdir}/sample
 
 %changelog
+* Thu Feb 3 2011 David Knox <dknox at redhat.com> 0:6.0.26-14
+- Resolves rhbz 674601 JDK Double.parseDouble DoS
+
 * Wed Dec 1 2010  David Knox <dknox at redhat.com> 0:6.0.26-13
 - rhbz 640686 - appdir, libdir, and confdir are copied in 
 - pre to __tmppath. The are copied back in postrans and 
