tomcat/tomcat-9.0-CVE-2021-25122.patch

Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/AbstractProtocol.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/AbstractProtocol.java
+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/AbstractProtocol.java
@@ -870,8 +870,10 @@ public abstract class AbstractProtocol<S
                     if (state == SocketState.UPGRADING) {
                         // Get the HTTP upgrade handler
                         UpgradeToken upgradeToken = processor.getUpgradeToken();
-                        // Retrieve leftover input
+                        // Restore leftover input to the wrapper so the upgrade
+                        // processor can process it.
                         ByteBuffer leftOverInput = processor.getLeftoverInput();
+                        wrapper.unRead(leftOverInput);
                         if (upgradeToken == null) {
                             // Assume direct HTTP/2 connection
                             UpgradeProtocol upgradeProtocol = getProtocol().getUpgradeProtocol("h2c");
Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
@@ -170,6 +170,10 @@
   <subsection name="Catalina">
     <changelog>
       <fix>
+        Additional fix for <bug>64830</bug> to address an edge case that could
+        trigger request corruption with h2c connections. (markt)
+      </fix>
+      <fix>
         Reduce reflection use and remove AJP specific code in the Connector.
         (remm/markt/fhanik)
       </fix>
Accepting request 880517 from home:admehmood:branches:Java:packages * CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) * CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) - Added patches: * tomcat-9.0-CVE-2021-25122.patch * tomcat-9.0-CVE-2021-25329.patch OBS-URL: https://build.opensuse.org/request/show/880517 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=221 2021-03-23 11:26:59 +00:00			`Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/AbstractProtocol.java`
			`===================================================================`
			`--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/AbstractProtocol.java`
			`+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/AbstractProtocol.java`
			`@@ -870,8 +870,10 @@ public abstract class AbstractProtocol<S`
			`if (state == SocketState.UPGRADING) {`
			`// Get the HTTP upgrade handler`
			`UpgradeToken upgradeToken = processor.getUpgradeToken();`
			`- // Retrieve leftover input`
			`+ // Restore leftover input to the wrapper so the upgrade`
			`+ // processor can process it.`
			`ByteBuffer leftOverInput = processor.getLeftoverInput();`
			`+ wrapper.unRead(leftOverInput);`
			`if (upgradeToken == null) {`
			`// Assume direct HTTP/2 connection`
			`UpgradeProtocol upgradeProtocol = getProtocol().getUpgradeProtocol("h2c");`
			`Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml`
			`===================================================================`
			`--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml`
			`+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml`
			`@@ -170,6 +170,10 @@`
			`<subsection name="Catalina">`
			`<changelog>`
			`<fix>`
			`+ Additional fix for <bug>64830</bug> to address an edge case that could`
			`+ trigger request corruption with h2c connections. (markt)`
			`+ </fix>`
			`+ <fix>`
			`Reduce reflection use and remove AJP specific code in the Connector.`
			`(remm/markt/fhanik)`
			`</fix>`