packages/xmlrpc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
xmlrpc/CVE-2019-17570.patch
starlet-dx 4eef6365a7 Fix CVE-2019-17570 
(cherry picked from commit 86598f1c0ddbf91da18e3808ad8124c26708cfe4)
2022-02-26 09:35:47 +08:00

49 lines
1.9 KiB
Diff
Raw Blame History

From: Markus Koschany <apo@debian.org>
Date: Mon, 27 Jan 2020 19:40:57 +0100
Subject: CVE-2019-17570
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
---
.../apache/xmlrpc/parser/XmlRpcResponseParser.java | 28 ++++++++++++----------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java b/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
index 087572b..f1b2427 100644
--- a/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
+++ b/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
@@ -69,19 +69,21 @@ public class XmlRpcResponseParser extends RecursiveTypeParserImpl {
getDocumentLocator());
}
errorMessage = (String) map.get("faultString");
- Object exception = map.get("faultCause");
- if (exception != null) {
- try {
- byte[] bytes = (byte[]) exception;
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
- ObjectInputStream ois = new ObjectInputStream(bais);
- errorCause = (Throwable) ois.readObject();
- ois.close();
- bais.close();
- } catch (Throwable t) {
- // Ignore me
- }
- }
+ if (((XmlRpcStreamRequestConfig)cfg).isEnabledForExceptions()) {
+ Object exception = map.get("faultCause");
+ if (exception != null) {
+ try {
+ byte[] bytes = (byte[]) exception;
+ ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
+ ObjectInputStream ois = new ObjectInputStream(bais);
+ errorCause = (Throwable) ois.readObject();
+ ois.close();
+ bais.close();
+ } catch (Throwable t) {
+ // Ignore me
+ }
+ }
+ }
}
}
Reference in New Issue View Git Blame Copy Permalink