Fridrich Strba
e0ad8a1414
bsc#1218605, CVE-2023-51441 OBS-URL: https://build.opensuse.org/request/show/1145176 OBS-URL: https://build.opensuse.org/package/show/Java:packages/axis?expand=0&rev=58
47 lines
2.2 KiB
Diff
47 lines
2.2 KiB
Diff
Index: axis-1_4/src/org/apache/axis/client/ServiceFactory.java
|
|
===================================================================
|
|
--- axis-1_4.orig/src/org/apache/axis/client/ServiceFactory.java
|
|
+++ axis-1_4/src/org/apache/axis/client/ServiceFactory.java
|
|
@@ -17,9 +17,11 @@
|
|
package org.apache.axis.client;
|
|
|
|
import org.apache.axis.EngineConfiguration;
|
|
+import org.apache.axis.components.logger.LogFactory;
|
|
import org.apache.axis.configuration.EngineConfigurationFactoryFinder;
|
|
import org.apache.axis.utils.ClassUtils;
|
|
import org.apache.axis.utils.Messages;
|
|
+import org.apache.commons.logging.Log;
|
|
|
|
import javax.naming.Context;
|
|
import javax.naming.InitialContext;
|
|
@@ -47,6 +49,9 @@ import java.util.Properties;
|
|
public class ServiceFactory extends javax.xml.rpc.ServiceFactory
|
|
implements ObjectFactory
|
|
{
|
|
+ protected static Log log =
|
|
+ LogFactory.getLog(ServiceFactory.class.getName());
|
|
+
|
|
// Constants for RefAddrs in the Reference.
|
|
public static final String SERVICE_CLASSNAME = "service classname";
|
|
public static final String WSDL_LOCATION = "WSDL location";
|
|
@@ -106,6 +111,11 @@ public class ServiceFactory extends java
|
|
|
|
if (context != null) {
|
|
String name = (String)environment.get("jndiName");
|
|
+
|
|
+ if(name!=null && (name.toUpperCase().indexOf("LDAP")!=-1 || name.toUpperCase().indexOf("RMI")!=-1 || name.toUpperCase().indexOf("JMS")!=-1 || name.toUpperCase().indexOf("JMX")!=-1) || name.toUpperCase().indexOf("JRMP")!=-1 || name.toUpperCase().indexOf("JAVA")!=-1 || name.toUpperCase().indexOf("DNS")!=-1 || name.toUpperCase().indexOf("IIOP")!=-1 || name.toUpperCase().indexOf("CORBANAME")!=-1) {
|
|
+ log.warn("returning null, jndiName received by ServiceFactory.getService() is not supported by this method: " + name);
|
|
+ return null;
|
|
+ }
|
|
if (name == null) {
|
|
name = "axisServiceName";
|
|
}
|
|
@@ -120,6 +130,7 @@ public class ServiceFactory extends java
|
|
context.bind(name, service);
|
|
} catch (NamingException e1) {
|
|
// !!! Couldn't do it, what should we do here?
|
|
+ return null;
|
|
}
|
|
}
|
|
} else {
|