From 2cf4da6f346b57128724aa893d4f2c8e57e7ed2e Mon Sep 17 00:00:00 2001
From: ruolli <ruolin.li@oracle.com>
Date: Thu, 10 Jun 2021 15:52:22 +0800
Subject: [PATCH] Multiple Path Traversal security issues
---
.../sun/faces/application/resource/ClasspathResourceHelper.java | 2 +-
.../com/sun/faces/application/resource/ResourceManager.java | 2 +-
.../sun/faces/application/resource/WebappResourceHelper.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/jsf-ri/src/main/java/com/sun/faces/application/resource/ClasspathResourceHelper.java b/jsf-ri/src/main/java/com/sun/faces/application/resource/ClasspathResourceHelper.java
index b50916e..57a5454 100644
--- a/jsf-ri/src/main/java/com/sun/faces/application/resource/ClasspathResourceHelper.java
+++ b/jsf-ri/src/main/java/com/sun/faces/application/resource/ClasspathResourceHelper.java
@@ -376,7 +376,7 @@ public class ClasspathResourceHelper extends ResourceHelper {
} else if (root == null) {
String contractName = ctx.getExternalContext().getRequestParameterMap()
.get("con");
- if (null != contractName && 0 < contractName.length()) {
+ if (null != contractName && 0 < contractName.length() && !ResourceManager.nameContainsForbiddenSequence(contractName)) {
contracts = new ArrayList<String>();
contracts.add(contractName);
} else {
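Review bot: When `ResourceManager.nameContainsForbiddenSequence(contractName)` returns true, the widened condition just falls through to the `else` branch, so a request whose `con` parameter carries a forbidden sequence is handled exactly like a request with no contract and leaves no trace for operators; a short comment above the `if`, such as `// "con" is request-controlled: a name containing a forbidden sequence is ignored instead of being resolved`, plus a low-level log of the rejected value would make the silent drop deliberate and observable. The identical condition is repeated verbatim in the WebappResourceHelper hunk, so a single package-private helper on ResourceManager (e.g. `isSafeContractName(String)`, a constructed name) would keep the two checks from drifting apart. What the `else` branch does with other contract sources, and which sequences the check rejects, are outside this hunk; the enclosing method starts and ends outside it as well.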
diff --git a/jsf-ri/src/main/java/com/sun/faces/application/resource/ResourceManager.java b/jsf-ri/src/main/java/com/sun/faces/application/resource/ResourceManager.java
index f904f9d..b714769 100644
--- a/jsf-ri/src/main/java/com/sun/faces/application/resource/ResourceManager.java
+++ b/jsf-ri/src/main/java/com/sun/faces/application/resource/ResourceManager.java
@@ -374,7 +374,7 @@ public class ResourceManager {
}
- private static boolean nameContainsForbiddenSequence(String name) {
+ static boolean nameContainsForbiddenSequence(String name) {
boolean result = false;
if (name != null) {
name = name.toLowerCase();
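Review bot: `nameContainsForbiddenSequence` becomes package-visible here without any Javadoc, and the `name = name.toLowerCase()` line it relies on uses the platform default locale, so under a locale with special casing rules (Turkish is the usual example) an upper-case letter can lower-case to a different character and miss the comparison if any forbidden sequence contains letters; `name = name.toLowerCase(Locale.ROOT);` (java.util.Locale) removes that dependency on the server's locale. Since two resource helpers now call this method on request-derived names, a brief Javadoc stating that it returns true when the lower-cased name contains any forbidden sequence, and that a null name yields false, would document the contract the callers depend on. The rest of the method body and the list of forbidden sequences continue outside the hunk, so whether the list contains letters cannot be confirmed here.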
diff --git a/jsf-ri/src/main/java/com/sun/faces/application/resource/WebappResourceHelper.java b/jsf-ri/src/main/java/com/sun/faces/application/resource/WebappResourceHelper.java
index 4ff422a..d420e7b 100644
--- a/jsf-ri/src/main/java/com/sun/faces/application/resource/WebappResourceHelper.java
+++ b/jsf-ri/src/main/java/com/sun/faces/application/resource/WebappResourceHelper.java
@@ -334,7 +334,7 @@ public class WebappResourceHelper extends ResourceHelper {
} else if (root == null) {
String contractName = ctx.getExternalContext().getRequestParameterMap()
.get("con");
- if (null != contractName && 0 < contractName.length()) {
+ if (null != contractName && 0 < contractName.length() && !ResourceManager.nameContainsForbiddenSequence(contractName)) {
contracts = new ArrayList<String>();
contracts.add(contractName);
} else {
--
2.23.0