packages/undertow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:1e5d291a748ea42c20037ffda3ee2c5dda884216
Branches Tags
packages:main
..
compare: packages:f8494fb89d24e1886da422a959551046de45d51d
Branches Tags
packages:main

No commits in common. "1e5d291a748ea42c20037ffda3ee2c5dda884216" and "f8494fb89d24e1886da422a959551046de45d51d" have entirely different histories.
1e5d291a74 ... f8494fb89d

5 changed files with 1 additions and 220 deletions
Show Stats Expand all files Collapse all files

22
CVE-2019-3888.patch
View File

@ -1,22 +0,0 @@
From ac72df4e61b73d205c6cc5ad08226fa4c889ccc2 Mon Sep 17 00:00:00 2001
From: Michael Bolz <michael.bolz@sap.com>
Date: Tue, 1 Oct 2019 06:45:17 +0200
Subject: [PATCH] [UNDERTOW-1515] HttpServerExchange.toString does not include
headers
---
core/src/main/java/io/undertow/server/HttpServerExchange.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/io/undertow/server/HttpServerExchange.java b/core/src/main/java/io/undertow/server/HttpServerExchange.java
index d933eb7811..a2763ed6ab 100644
--- a/core/src/main/java/io/undertow/server/HttpServerExchange.java
+++ b/core/src/main/java/io/undertow/server/HttpServerExchange.java
@@ -2443,6 +2443,6 @@ public T create() {
@Override
public String toString() {
- return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + " request " + requestHeaders + " response " + responseHeaders + '}';
+ return "HttpServerExchange{ " + getRequestMethod().toString() + " " + getRequestURI() + '}';
}
}

97
CVE-2020-10705.patch
View File

@ -1,97 +0,0 @@
From b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4 Mon Sep 17 00:00:00 2001
From: Stuart Douglas <stuart.w.douglas@gmail.com>
Date: Wed, 15 Apr 2020 15:39:02 +1000
Subject: [PATCH] [UNDERTOW-1657] Fix issue with 100-continue and h2
---
.../server/handlers/HttpContinueReadHandler.java | 12 +++++++-----
.../server/protocol/ajp/AjpServerConnection.java | 6 +++++-
.../server/protocol/http/HttpServerConnection.java | 6 +++++-
3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java b/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java
index 33c5c25..4a905f3 100644
--- a/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java
+++ b/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java
@@ -23,15 +23,17 @@ import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.util.concurrent.TimeUnit;
+import org.xnio.channels.StreamSinkChannel;
+import org.xnio.conduits.AbstractStreamSourceConduit;
+import org.xnio.conduits.StreamSourceConduit;
+
import io.undertow.server.ConduitWrapper;
-import io.undertow.server.protocol.http.HttpContinue;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
+import io.undertow.server.ResponseCommitListener;
+import io.undertow.server.protocol.http.HttpContinue;
import io.undertow.util.ConduitFactory;
import io.undertow.util.StatusCodes;
-import org.xnio.channels.StreamSinkChannel;
-import org.xnio.conduits.AbstractStreamSourceConduit;
-import org.xnio.conduits.StreamSourceConduit;
/**
* Handler for requests that require 100-continue responses. If an attempt is made to read from the source
@@ -44,7 +46,7 @@ public class HttpContinueReadHandler implements HttpHandler {
private static final ConduitWrapper<StreamSourceConduit> WRAPPER = new ConduitWrapper<StreamSourceConduit>() {
@Override
public StreamSourceConduit wrap(final ConduitFactory<StreamSourceConduit> factory, final HttpServerExchange exchange) {
- if(exchange.isRequestChannelAvailable() && !exchange.isResponseStarted()) {
+ if (exchange.isRequestChannelAvailable() && !exchange.isResponseStarted()) {
return new ContinueConduit(factory.create(), exchange);
}
return factory.create();
diff --git a/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java b/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java
index e5e3031..d9cae2d 100644
--- a/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java
+++ b/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java
@@ -26,6 +26,8 @@ import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.SSLSessionInfo;
import io.undertow.util.DateUtils;
+
+import org.xnio.IoUtils;
import org.xnio.OptionMap;
import io.undertow.connector.ByteBufferPool;
import org.xnio.StreamConnection;
@@ -61,7 +63,9 @@ public final class AjpServerConnection extends AbstractServerConnection {
@Override
public void terminateRequestChannel(HttpServerExchange exchange) {
- //todo: terminate
+ if (!exchange.isPersistent()) {
+ IoUtils.safeClose(getChannel().getSourceChannel());
+ }
}
@Override
diff --git a/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java b/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java
index 0128e9b..63bcdd6 100644
--- a/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java
+++ b/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java
@@ -36,6 +36,8 @@ import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import io.undertow.util.ImmediatePooledByteBuffer;
import io.undertow.util.Methods;
+
+import org.xnio.IoUtils;
import org.xnio.OptionMap;
import io.undertow.connector.ByteBufferPool;
import io.undertow.connector.PooledByteBuffer;
@@ -135,7 +137,9 @@ public final class HttpServerConnection extends AbstractServerConnection {
@Override
public void terminateRequestChannel(HttpServerExchange exchange) {
-
+ if (!exchange.isPersistent()) {
+ IoUtils.safeClose(getChannel().getSourceChannel());
+ }
}
/**
--
2.23.0

48
CVE-2020-10719.patch
View File

@ -1,48 +0,0 @@
From bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf Mon Sep 17 00:00:00 2001
From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
Date: Tue, 25 Feb 2020 13:26:20 +0000
Subject: [PATCH] [UNDERTOW-1708][JBEAP-18537] Fix overflow of chunk size
---
core/src/main/java/io/undertow/UndertowMessages.java | 3 +++
core/src/main/java/io/undertow/conduits/ChunkReader.java | 5 +++++
2 files changed, 8 insertions(+)
diff --git a/core/src/main/java/io/undertow/UndertowMessages.java b/core/src/main/java/io/undertow/UndertowMessages.java
index fbde7d1..3aa4ad8 100644
--- a/core/src/main/java/io/undertow/UndertowMessages.java
+++ b/core/src/main/java/io/undertow/UndertowMessages.java
@@ -471,4 +471,7 @@ public interface UndertowMessages {
@Message(id = 147, value = "No host header in a HTTP/1.1 request")
IOException noHostInHttp11Request();
+
+ @Message(id = 195, value = "Chunk size too large")
+ IOException chunkSizeTooLarge();
}
diff --git a/core/src/main/java/io/undertow/conduits/ChunkReader.java b/core/src/main/java/io/undertow/conduits/ChunkReader.java
index 21ef002..e064f71 100644
--- a/core/src/main/java/io/undertow/conduits/ChunkReader.java
+++ b/core/src/main/java/io/undertow/conduits/ChunkReader.java
@@ -48,6 +48,8 @@ class ChunkReader<T extends Conduit> {
private static final long MASK_COUNT = longBitMask(0, 56);
+ private static final long LIMIT = Long.MAX_VALUE >> 4;
+
private long state;
private final Attachable attachable;
private final AttachmentKey<HeaderMap> trailerAttachmentKey;
@@ -103,6 +105,9 @@ class ChunkReader<T extends Conduit> {
while (buf.hasRemaining()) {
byte b = buf.get();
if ((b >= '0' && b <= '9') || (b >= 'a' && b <= 'f') || (b >= 'A' && b <= 'F')) {
+ if (chunkRemaining > LIMIT) {
+ throw UndertowMessages.MESSAGES.chunkSizeTooLarge();
+ }
chunkRemaining <<= 4; //shift it 4 bytes and then add the next value to the end
chunkRemaining += Character.digit((char) b, 16);
} else {
--
2.23.0

25
CVE-2023-1108.patch
View File

@ -1,25 +0,0 @@
From b98b55c993e3163e22121935f826adc8c4025c86 Mon Sep 17 00:00:00 2001
From: mayp <mayanping@ncti-gba.cn>
Date: Mon, 3 Apr 2023 18:02:05 +0800
Subject: [PATCH] Fix CVE-2023-1108
---
core/src/main/java/io/undertow/protocols/ssl/SslConduit.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
index 3084915..dde0e0c 100644
--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
@@ -852,7 +852,7 @@ public class SslConduit implements StreamSourceConduit, StreamSinkConduit {
}
try {
SSLEngineResult result = null;
- while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
+ while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
if (userBuffers == null) {
result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
} else {
--
2.36.1

29
undertow.spec
View File

@ -2,17 +2,13 @@
%global namedversion %{version}%{?namedreltag} %global namedversion %{version}%{?namedreltag}
Name: undertow Name: undertow
Version: 1.4.0 Version: 1.4.0
Release: 6 Release: 1
Summary: Java web server using non-blocking IO Summary: Java web server using non-blocking IO
License: ASL 2.0 License: ASL 2.0
URL: http://undertow.io/ URL: http://undertow.io/
Source0: https://github.com/undertow-io/undertow/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz Source0: https://github.com/undertow-io/undertow/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz
# Remove unavailable methods in jetty-alpn-api-1.1.0 # Remove unavailable methods in jetty-alpn-api-1.1.0
Patch0: undertow-1.4.0-jetty-alpn-api-1.1.0.patch Patch0: undertow-1.4.0-jetty-alpn-api-1.1.0.patch
Patch1: CVE-2020-10705.patch
Patch2: CVE-2019-3888.patch
Patch3: CVE-2020-10719.patch
Patch4: CVE-2023-1108.patch
BuildArch: noarch BuildArch: noarch
Epoch: 1 Epoch: 1
BuildRequires: maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api) BuildRequires: maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
@ -36,15 +32,7 @@ This package contains the API documentation for %{name}.
%prep %prep
%setup -q -n %{name}-%{namedversion} %setup -q -n %{name}-%{namedversion}
%patch0 -p1 %patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
rm -rf mac-jdk-fix rm -rf mac-jdk-fix
#Remove test cases suspected of containing viruses
rm -rf servlet/src/test/java/io/undertow/servlet/test/proprietry/TransferTestCase.java
%pom_disable_module examples %pom_disable_module examples
%pom_remove_plugin -r :maven-checkstyle-plugin %pom_remove_plugin -r :maven-checkstyle-plugin
%pom_remove_plugin org.bitstrings.maven.plugins:dependencypath-maven-plugin core %pom_remove_plugin org.bitstrings.maven.plugins:dependencypath-maven-plugin core
@ -72,20 +60,5 @@ done
%license LICENSE.txt %license LICENSE.txt
%changelog %changelog
* Tue Jun 13 2023 liyanan <thistleslyn@163.com> - 1:1.4.0-6
- Delete TransferTestCase.java TestCase
* Mon Apr 3 2023 mayp <mayanping@ncti-gba.cn> - 1:1.4.0-5
- Fix CVE-2023-1108
* Wed Oct 29 2021 wangkai <wangkai385@huawei.com> - 1.4.0-4
- Fix CVE-2020-10719
* Wed Oct 28 2021 wangkai <wangkai385@huawei.com> - 1.4.0-3
- Fix CVE-2019-3888
* Wed Oct 27 2021 houyingchao <houyingchao@huawei.com> - 1.4.0-2
- Fix CVE-2020-10705
* Wed Aug 19 2020 maminjie <maminjie1@huawei.com> - 1.4.0-1 * Wed Aug 19 2020 maminjie <maminjie1@huawei.com> - 1.4.0-1
- package init - package init