pool/tomcat
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 841718 from home:mateialbu:branches:Java:packages

Browse Source 
CVE-2020-13943 and bsc#1177601

OBS-URL: https://build.opensuse.org/request/show/841718
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=209
This commit is contained in:
Matei Albu 2020-10-14 08:54:21 +00:00 committed by Git OBS Bridge
parent 14216e6c34
commit d14a544fa7
9 changed files with 135 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
tomcat-9.0-CVE-2020-13943.patch Normal file
View File

@ -0,0 +1,115 @@
From 55911430df13f8c9998fbdee1f9716994d2db59b Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Thu, 23 Jul 2020 17:43:45 +0100
Subject: [PATCH] Move check for current streams to end of header parsing.
---
java/org/apache/coyote/http2/Http2Parser.java | 2 +-
.../coyote/http2/Http2UpgradeHandler.java | 24 ++++++++++---------
.../coyote/http2/TestHttp2Section_5_1.java | 20 ++++++++++------
3 files changed, 27 insertions(+), 19 deletions(-)
Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2Parser.java
+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java
@@ -738,7 +738,7 @@ class Http2Parser {
HeaderEmitter headersStart(int streamId, boolean headersEndStream)
throws Http2Exception, IOException;
void headersContinue(int payloadSize, boolean endOfHeaders);
- void headersEnd(int streamId) throws ConnectionException;
+ void headersEnd(int streamId) throws Http2Exception;
// Priority frames (also headers)
void reprioritise(int streamId, int parentStreamId, boolean exclusive, int weight)
Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -1451,16 +1451,6 @@ class Http2UpgradeHandler extends Abstra
stream.checkState(FrameType.HEADERS);
stream.receivedStartOfHeaders(headersEndStream);
closeIdleStreams(streamId);
- if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) {
- setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
- // Ignoring maxConcurrentStreams increases the overhead count
- increaseOverheadCount();
- throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams",
- Long.toString(localSettings.getMaxConcurrentStreams())),
- Http2Error.REFUSED_STREAM, streamId);
- }
- // Valid new stream reduces the overhead count
- reduceOverheadCount();
return stream;
} else {
if (log.isDebugEnabled()) {
@@ -1528,12 +1518,24 @@ class Http2UpgradeHandler extends Abstra
@Override
- public void headersEnd(int streamId) throws ConnectionException {
+ public void headersEnd(int streamId) throws Http2Exception {
Stream stream = getStream(streamId, connectionState.get().isNewStreamAllowed());
if (stream != null) {
setMaxProcessedStream(streamId);
if (stream.isActive()) {
if (stream.receivedEndOfHeaders()) {
+
+ if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) {
+ setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
+ // Ignoring maxConcurrentStreams increases the overhead count
+ increaseOverheadCount();
+ throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams",
+ Long.toString(localSettings.getMaxConcurrentStreams())),
+ Http2Error.REFUSED_STREAM, streamId);
+ }
+ // Valid new stream reduces the overhead count
+ reduceOverheadCount();
+
processStreamOnContainerThread(stream);
}
}
Index: apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
+++ apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
@@ -222,11 +222,11 @@ public class TestHttp2Section_5_1 extend
// Expecting
// 1 * headers
// 56k-1 of body (7 * ~8k)
- // 1 * error (could be in any order)
- for (int i = 0; i < 8; i++) {
+ // 1 * error
+ // for a total of 9 frames (could be in any order)
+ for (int i = 0; i < 9; i++) {
parser.readFrame(true);
}
- parser.readFrame(true);
Assert.assertTrue(output.getTrace(),
output.getTrace().contains("5-RST-[" +
@@ -238,14 +238,20 @@ public class TestHttp2Section_5_1 extend
// Release the remaining body
sendWindowUpdate(0, (1 << 31) - 2);
- // Allow for the 8k still in the stream window
+ // Allow for the ~8k still in the stream window
sendWindowUpdate(3, (1 << 31) - 8193);
- // 192k of body (24 * 8k)
- // 1 * error (could be in any order)
- for (int i = 0; i < 24; i++) {
+ // Read until the end of stream 3
+ while (!output.getTrace().contains("3-EndOfStream")) {
parser.readFrame(true);
}
+ output.clearTrace();
+
+ // Confirm another request can be sent once concurrency falls back below limit
+ sendSimpleGetRequest(7);
+ parser.readFrame(true);
+ parser.readFrame(true);
+ Assert.assertEquals(getSimpleResponseTrace(7), output.getTrace());
}

4
tomcat-9.0-jsvc.service
View File

@ -14,8 +14,8 @@ After=syslog.target network.target
Type=simple Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=" "USE_JSVC=true" Environment="NAME=" "USE_JSVC=true"
ExecStart=/usr/lib/tomcat/server start ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/lib/tomcat/server stop ExecStop=/usr/libexec/tomcat/server stop
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

4
tomcat-9.0.service
View File

@ -14,8 +14,8 @@ Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=" Environment="NAME="
EnvironmentFile=-/etc/sysconfig/tomcat EnvironmentFile=-/etc/sysconfig/tomcat
ExecStart=/usr/lib/tomcat/server start ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/lib/tomcat/server stop ExecStop=/usr/libexec/tomcat/server stop
SuccessExitStatus=143 SuccessExitStatus=143
User=tomcat User=tomcat
Group=tomcat Group=tomcat

2
tomcat-9.0.wrapper
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
if [ "$1" = "version" ]; then if [ "$1" = "version" ]; then
. /usr/lib/tomcat/preamble . /usr/libexec/tomcat/preamble
exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \ exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
org.apache.catalina.util.ServerInfo org.apache.catalina.util.ServerInfo
fi fi

4
tomcat-named.service
View File

@ -15,8 +15,8 @@ Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME=%I" Environment="NAME=%I"
EnvironmentFile=-/etc/sysconfig/tomcat@%I EnvironmentFile=-/etc/sysconfig/tomcat@%I
ExecStart=/usr/lib/tomcat/server start ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/lib/tomcat/server stop ExecStop=/usr/libexec/tomcat/server stop
SuccessExitStatus=143 SuccessExitStatus=143
User=tomcat User=tomcat
Group=tomcat Group=tomcat

2
tomcat-preamble
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
. /usr/lib/tomcat/functions . /usr/libexec/tomcat/functions
# Get the tomcat config (use this for environment specific settings) # Get the tomcat config (use this for environment specific settings)

2
tomcat-server
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
. /usr/lib/tomcat/preamble . /usr/libexec/tomcat/preamble
MAIN_CLASS=org.apache.catalina.startup.Bootstrap MAIN_CLASS=org.apache.catalina.startup.Bootstrap

9
tomcat.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Oct 13 11:23:32 UTC 2020 - Matei Albu <malbu@suse.com>
- Fix CVE-2020-13943 (bsc#1177582)
- Added patch:
* tomcat-9.0-CVE-2020-13943.patch
- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup
scripts (bsc#1177601)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 26 06:04:58 UTC 2020 - Fridrich Strba <fstrba@suse.com> Wed Aug 26 06:04:58 UTC 2020 - Fridrich Strba <fstrba@suse.com>

2
tomcat.spec
View File

@ -83,6 +83,7 @@ Patch4: tomcat-9.0-osgi-build.patch
Patch5: tomcat-9.0.31-java8compat.patch Patch5: tomcat-9.0.31-java8compat.patch
# PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting # PATCH-FIX-OPENSUSE: set ajp connector secreteRequired to false by default to avoid tomcat not starting
Patch6: tomcat-9.0.31-secretRequired-default.patch Patch6: tomcat-9.0.31-secretRequired-default.patch
Patch7: tomcat-9.0-CVE-2020-13943.patch
BuildRequires: ant >= 1.8.1 BuildRequires: ant >= 1.8.1
BuildRequires: ant-antlr BuildRequires: ant-antlr
@ -262,6 +263,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
# remove date from docs # remove date from docs
sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl