diff -Nru struts-1.3.10/src/core/src/main/java/org/apache/struts/action/ActionServlet.java struts-1.3.10.CVE-2016-1181-CVE-2016-1182/src/core/src/main/java/org/apache/struts/action/ActionServlet.java
|
|
--- struts-1.3.10/src/core/src/main/java/org/apache/struts/action/ActionServlet.java 2008-06-05 00:14:28.000000000 +0200
|
|
+++ struts-1.3.10.CVE-2016-1181-CVE-2016-1182/src/core/src/main/java/org/apache/struts/action/ActionServlet.java 2016-06-22 15:19:33.998721694 +0200
|
|
@@ -23,6 +23,7 @@
|
|
import org.apache.commons.beanutils.BeanUtils;
|
|
import org.apache.commons.beanutils.ConvertUtils;
|
|
import org.apache.commons.beanutils.PropertyUtils;
|
|
+import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;
|
|
import org.apache.commons.beanutils.converters.BigDecimalConverter;
|
|
import org.apache.commons.beanutils.converters.BigIntegerConverter;
|
|
import org.apache.commons.beanutils.converters.BooleanConverter;
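Review bot: The new import of `SuppressPropertiesBeanIntrospector` needs a commons-beanutils release that ships that class (1.9.2 or later, as far as I know), and no dependency change is visible in this diff. If the build or the deployed WEB-INF/lib still carries the older beanutils jar that Struts 1.3.10 was released with, the patched ActionServlet would most likely fail to compile or to load, so the version bump should land together with this patch. A one-line note in the patch header stating the minimum beanutils version would make that requirement explicit for packagers.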
|
|
@@ -76,6 +77,7 @@
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.Enumeration;
|
|
+import java.util.HashSet;
|
|
import java.util.Iterator;
|
|
import java.util.List;
|
|
import java.util.MissingResourceException;
|
|
@@ -1700,8 +1702,19 @@
|
|
*/
|
|
protected void initOther()
|
|
throws ServletException {
|
|
- String value;
|
|
|
|
+ /* Fix CVE-2016-1181 CVE-2016-1182 start */
|
|
+ HashSet suppressProperties = new HashSet();
|
|
+ suppressProperties.add("class");
|
|
+ suppressProperties.add("multipartRequestHandler");
|
|
+ suppressProperties.add("resultValueMap");
|
|
+
|
|
+ PropertyUtils.addBeanIntrospector(
|
|
+ new SuppressPropertiesBeanIntrospector(suppressProperties));
|
|
+ PropertyUtils.clearDescriptors();
|
|
+
|
|
+ String value = null;
|
|
+ /* Fix CVE-2016-1181 CVE-2016-1182 end */
|
|
value = getServletConfig().getInitParameter("config");
|
|
|
|
if (value != null) {
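Review bot: The suppression added in initOther() is registered on the shared PropertyUtils instance, so `class`, `multipartRequestHandler` and `resultValueMap` become invisible on every bean introspected through BeanUtils in this web application, not only on ActionForm subclasses, and nothing in the code says so. As far as I know addBeanIntrospector() does not de-duplicate, so a second ActionServlet initialised under the same class loader would register the same suppressor again; that looks harmless but is worth guarding or noting. I would replace the start marker with a comment that records the scope, for example `/* CVE-2016-1181/1182: hide these properties from ALL beans seen by PropertyUtils so request parameters cannot reach them */`. A regression test that populates a form with parameters naming these properties and asserts they are ignored would keep the fix from being lost silently on a later beanutils change. The body of initOther() continues past the end of this hunk.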
|