
From: "Alex Legler (a3li)" <a3li@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-java/struts/files: struts-CVE-2008-2025.patch
Date: Mon, 24 Aug 2009 08:12:15
Message-Id: E1MfUez-0007LA-2P@stork.gentoo.org
1 a3li 09/08/24 08:12:13
2
3 Added: struts-CVE-2008-2025.patch
4 Log:
5 Non-maintainer commit: Revbump to fix security bug 267081 (CVE-2008-2025).
6 (Portage version: 2.2_rc33/cvs/Linux x86_64)
7
8 Revision Changes Path
9 1.1 dev-java/struts/files/struts-CVE-2008-2025.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-java/struts/files/struts-CVE-2008-2025.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-java/struts/files/struts-CVE-2008-2025.patch?rev=1.1&content-type=text/plain
13
14 Index: struts-CVE-2008-2025.patch
15 ===================================================================
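diff --git a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
index 403ff97..386ccf3 100644
--- a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
+++ b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
@@ -35,6 +35,7 @@ import org.apache.struts.taglib.TagUtils;
 import org.apache.struts.taglib.logic.IterateTag;
 import org.apache.struts.util.MessageResources;
 import org.apache.struts.util.RequestUtils;
+import org.apache.struts.util.ResponseUtils;
 
 /**
 * Base class for tags that render form elements capable of including JavaScript
@@ -898,10 +899,12 @@ public abstract class BaseHandlerTag extends BodyTagSupport {
 */
 protected void prepareAttribute(StringBuffer handlers, String name, Object value) {
 if (value != null) {
+ if (name.indexOf('"') >= 0)
+ throw new IllegalArgumentException("quote character in attribute name");
 handlers.append(" ");
 handlers.append(name);
 handlers.append("=\"");
- handlers.append(value);
+ handlers.append(ResponseUtils.filterIfQuote(value.toString()));
 handlers.append("\"");
 }
 }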
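Review bot: The new guard in prepareAttribute rejects only a double quote in `name`, but a space, `=`, `>` or `/` in the name would equally end the attribute name and start new markup, so the check is narrower than the context it protects. If `name` can ever come from outside the taglib (the callers are not visible in this hunk), an allow-list is safer than a single-character deny-list, for example rejecting any name with a character that fails `Character.isLetterOrDigit(c) || c == '-' || c == ':' || c == '_'`. The same guard is added to FormTag.renderAttribute in this patch and has the same gap. Both brace-less `if` statements would also be safer with braces, since the `throw` is the security-relevant line.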
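diff --git a/src/share/org/apache/struts/taglib/html/FormTag.java b/src/share/org/apache/struts/taglib/html/FormTag.java
index e8eb9b4..ba2d782 100644
--- a/src/share/org/apache/struts/taglib/html/FormTag.java
+++ b/src/share/org/apache/struts/taglib/html/FormTag.java
@@ -37,6 +37,7 @@ import org.apache.struts.config.ModuleConfig;
 import org.apache.struts.taglib.TagUtils;
 import org.apache.struts.util.MessageResources;
 import org.apache.struts.util.RequestUtils;
+import org.apache.struts.util.ResponseUtils;
 
 /**
 * Custom tag that represents an input form, associated with a bean whose
@@ -547,10 +548,10 @@ public class FormTag extends TagSupport {
 
 results.append(" action=\"");
 results.append(
- response.encodeURL(
+ ResponseUtils.filterIfQuote(response.encodeURL(
 TagUtils.getInstance().getActionMappingURL(
 this.action,
- this.pageContext)));
+ this.pageContext))));
 
 results.append("\"");
 }
@@ -580,7 +581,7 @@ public class FormTag extends TagSupport {
 results.append("<div><input type=\"hidden\" name=\"");
 results.append(Constants.TOKEN_KEY);
 results.append("\" value=\"");
- results.append(token);
+ results.append(ResponseUtils.filterIfQuote(token));
 if (this.isXhtml()) {
 results.append("\" />");
 } else {
@@ -598,10 +599,12 @@ public class FormTag extends TagSupport {
 */
 protected void renderAttribute(StringBuffer results, String attribute, String value) {
 if (value != null) {
+ if (attribute.indexOf('"') >= 0)
+ throw new IllegalArgumentException("quote character in attribute name");
 results.append(" ");
 results.append(attribute);
 results.append("=\"");
- results.append(ResponseUtils.filterIfQuote(value));
+ results.append(ResponseUtils.filterIfQuote(value));
 results.append("\"");
 }
 }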
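Review bot: renderAttribute can now throw IllegalArgumentException, but its Javadoc, which starts outside the hunk, is not updated, so code that only expects JspException from the tag's rendering path gets no warning. I would add `@throws IllegalArgumentException if the attribute name contains a double-quote character` to the comment above the method; BaseHandlerTag.prepareAttribute needs the same line. Whether an unchecked exception or a JspException is the better signal depends on how the tag's doStartTag reports failures, which these hunks do not show.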
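diff --git a/src/share/org/apache/struts/taglib/html/HtmlTag.java b/src/share/org/apache/struts/taglib/html/HtmlTag.java
index fb64875..d4da38d 100644
--- a/src/share/org/apache/struts/taglib/html/HtmlTag.java
+++ b/src/share/org/apache/struts/taglib/html/HtmlTag.java
@@ -29,6 +29,7 @@ import javax.servlet.jsp.tagext.TagSupport;
 import org.apache.struts.Globals;
 import org.apache.struts.taglib.TagUtils;
 import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
 
 /**
 * Renders an HTML <html> element with appropriate language attributes if
@@ -151,20 +152,20 @@ public class HtmlTag extends TagSupport {
 
 if ((this.lang || this.locale || this.xhtml) && validLanguage) {
 sb.append(" lang=\"");
- sb.append(language);
+ sb.append(ResponseUtils.filterIfQuote(language));
 if (validCountry) {
 sb.append("-");
- sb.append(country);
+ sb.append(ResponseUtils.filterIfQuote(country));
 }
 sb.append("\"");
 }
 
 if (this.xhtml && validLanguage) {
 sb.append(" xml:lang=\"");
- sb.append(language);
+ sb.append(ResponseUtils.filterIfQuote(language));
 if (validCountry) {
 sb.append("-");
- sb.append(country);
+ sb.append(ResponseUtils.filterIfQuote(country));
 }
 sb.append("\"");
 }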
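Review bot: `ResponseUtils.filterIfQuote(language)` and `ResponseUtils.filterIfQuote(country)` are each evaluated twice, once for `lang` and once for `xml:lang`, so the two attributes only stay consistently escaped if all four call sites are edited together. Filtering once before the first `if`, e.g. `final String safeLanguage = ResponseUtils.filterIfQuote(language);` and the same for `country`, and appending those locals keeps the escaping in one place. `validLanguage` and `validCountry` are computed outside the hunk, so I cannot tell whether they already restrict the characters; if they do not, a letters-only check would fit language and country codes better than quote escaping.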
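diff --git a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
index 77d7dba..5da8317 100644
--- a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
+++ b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
@@ -45,6 +45,7 @@ import org.apache.struts.Globals;
 import org.apache.struts.action.ActionMapping;
 import org.apache.struts.config.ModuleConfig;
 import org.apache.struts.taglib.TagUtils;
+import org.apache.struts.util.ResponseUtils;
 import org.apache.struts.util.MessageResources;
 import org.apache.struts.validator.Resources;
 import org.apache.struts.validator.ValidatorPlugIn;
@@ -850,7 +851,7 @@ public class JavascriptValidatorTag extends BodyTagSupport {
 }
 
 if (this.src != null) {
- start.append(" src=\"" + src + "\"");
+ start.append(" src=\"" + ResponseUtils.filterIfQuote(src) + "\"");
 }
 
 start.append("> \n");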
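Review bot: Escaping the quote keeps `src` inside its attribute, but nothing here constrains what the URL points at, and a script `src` decides which code the browser runs. `src` is normally set by the page author, but the tag attribute may be bound to a runtime expression (not visible in this hunk), so I would document the expectation above the `if`: `// src must be a trusted, page-author-supplied URL; filterIfQuote only prevents attribute breakout`. As a style point, the concatenation inside `append` could be three chained `append` calls, matching the other tags in this patch. The enclosing method starts and ends outside the hunk.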
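diff --git a/src/share/org/apache/struts/taglib/html/OptionTag.java b/src/share/org/apache/struts/taglib/html/OptionTag.java
index 4df5c95..e9e4b2e 100644
--- a/src/share/org/apache/struts/taglib/html/OptionTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionTag.java
@@ -26,6 +26,7 @@ import javax.servlet.jsp.tagext.BodyTagSupport;
 import org.apache.struts.Globals;
 import org.apache.struts.taglib.TagUtils;
 import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
 
 /**
 * Tag for select options. The body of this tag is presented to the user
@@ -235,7 +236,7 @@ public class OptionTag extends BodyTagSupport {
 protected String renderOptionElement() throws JspException {
 StringBuffer results = new StringBuffer("<option value=\"");
 
- results.append(this.value);
+ results.append(ResponseUtils.filterIfQuote(this.value));
 results.append("\"");
 if (disabled) {
 results.append(" disabled=\"disabled\"");
@@ -245,17 +246,17 @@ public class OptionTag extends BodyTagSupport {
 }
 if (style != null) {
 results.append(" style=\"");
- results.append(style);
+ results.append(ResponseUtils.filterIfQuote(style));
 results.append("\"");
 }
 if (styleId != null) {
 results.append(" id=\"");
- results.append(styleId);
+ results.append(ResponseUtils.filterIfQuote(styleId));
 results.append("\"");
 }
 if (styleClass != null) {
 results.append(" class=\"");
- results.append(styleClass);
+ results.append(ResponseUtils.filterIfQuote(styleClass));
 results.append("\"");
 }
 results.append(">");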
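Review bot: The `style`, `id` and `class` blocks in renderOptionElement now repeat the same null-check, escape and append sequence, so the next attribute added here can easily be written without the filter. A small private helper that takes the buffer, the attribute name and the value and performs the `filterIfQuote` call itself would keep the escaping in one place; FormTag.renderAttribute in this same patch already has that shape. The method continues outside the hunk, so I cannot see how the option body is emitted after `results.append(">")`.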
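diff --git a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
index 9999259..e5ecb66 100644
--- a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
@@ -30,6 +30,7 @@ import javax.servlet.jsp.tagext.TagSupport;
 
 import org.apache.commons.beanutils.PropertyUtils;
 import org.apache.struts.util.IteratorAdapter;
+import org.apache.struts.util.ResponseUtils;
 import org.apache.struts.taglib.TagUtils;
 import org.apache.struts.util.MessageResources;
 
@@ -291,7 +292,7 @@ public class OptionsCollectionTag extends TagSupport {
 if (filter) {
 sb.append(TagUtils.getInstance().filter(value));
 } else {
- sb.append(value);
+ sb.append(ResponseUtils.filterIfQuote(value));
 }
 sb.append("\"");
 if (matched) {
@@ -299,12 +300,12 @@ public class OptionsCollectionTag extends TagSupport {
 }
 if (style != null) {
 sb.append(" style=\"");
- sb.append(style);
+ sb.append(ResponseUtils.filterIfQuote(style));
 sb.append("\"");
 }
 if (styleClass != null) {
 sb.append(" class=\"");
- sb.append(styleClass);
+ sb.append(ResponseUtils.filterIfQuote(styleClass));
 sb.append("\"");
 }
 
@@ -313,7 +314,7 @@ public class OptionsCollectionTag extends TagSupport {
 if (filter) {
 sb.append(TagUtils.getInstance().filter(label));
 } else {
- sb.append(label);
+ sb.append(ResponseUtils.filterIfQuote(label));
 }
 
 sb.append("</option>\r\n");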
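Review bot: The last hunk applies `filterIfQuote` to `label`, which is written just before `</option>` as element content rather than inside a double-quoted attribute, while the Javadoc this patch adds to ResponseUtils.filterIfQuote says its result is only safe in that attribute context. With `filter` false, `<` and `&` in the label still reach the page unescaped, so the call adds no protection there and may give the impression that the label is sanitized; it would also rewrite quotes inside any markup a caller deliberately passes. I would either keep `sb.append(label);` or add a comment such as `// filter=false: label is emitted as raw markup by design; callers must supply trusted HTML`. OptionsTag has the identical change in its last hunk. The enclosing method starts and ends outside the hunks.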
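diff --git a/src/share/org/apache/struts/taglib/html/OptionsTag.java b/src/share/org/apache/struts/taglib/html/OptionsTag.java
index 90d716a..dbc14cf 100644
--- a/src/share/org/apache/struts/taglib/html/OptionsTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionsTag.java
@@ -32,6 +32,7 @@ import org.apache.commons.beanutils.PropertyUtils;
 import org.apache.struts.util.IteratorAdapter;
 import org.apache.struts.taglib.TagUtils;
 import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
 
 /**
 * Tag for creating multiple &lt;select&gt; options from a collection. The
@@ -313,7 +314,7 @@ public class OptionsTag extends TagSupport {
 if (filter) {
 sb.append(TagUtils.getInstance().filter(value));
 } else {
- sb.append(value);
+ sb.append(ResponseUtils.filterIfQuote(value));
 }
 sb.append("\"");
 if (matched) {
@@ -321,12 +322,12 @@ public class OptionsTag extends TagSupport {
 }
 if (style != null) {
 sb.append(" style=\"");
- sb.append(style);
+ sb.append(ResponseUtils.filterIfQuote(style));
 sb.append("\"");
 }
 if (styleClass != null) {
 sb.append(" class=\"");
- sb.append(styleClass);
+ sb.append(ResponseUtils.filterIfQuote(styleClass));
 sb.append("\"");
 }
 
@@ -335,7 +336,7 @@ public class OptionsTag extends TagSupport {
 if (filter) {
 sb.append(TagUtils.getInstance().filter(label));
 } else {
- sb.append(label);
+ sb.append(ResponseUtils.filterIfQuote(label));
 }
 
 sb.append("</option>\r\n");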
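diff --git a/src/share/org/apache/struts/taglib/html/RewriteTag.java b/src/share/org/apache/struts/taglib/html/RewriteTag.java
index 804e50c..63a2f03 100644
--- a/src/share/org/apache/struts/taglib/html/RewriteTag.java
+++ b/src/share/org/apache/struts/taglib/html/RewriteTag.java
@@ -24,6 +24,7 @@ import java.util.Map;
 import javax.servlet.jsp.JspException;
 
 import org.apache.struts.taglib.TagUtils;
+import org.apache.struts.util.ResponseUtils;
 
 /**
 * Generate a URL-encoded URI as a string.
@@ -72,7 +73,8 @@ public class RewriteTag extends LinkTag {
 (messages.getMessage("rewrite.url", e.toString()));
 }
 
- TagUtils.getInstance().write(pageContext, url);
+ TagUtils.getInstance().write(pageContext,
+ ResponseUtils.filterIfQuote(url));
 
 return (SKIP_BODY);
 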
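Review bot: RewriteTag writes the URL as bare text, so the tag cannot know whether the page author places it inside a double-quoted attribute, a single-quoted attribute or a script block, yet `filterIfQuote` is documented in this same patch as safe only for the first of those. A `'` in the URL is passed through unchanged, so the output is not escaped for a single-quoted attribute or a JavaScript string. I would state that contract next to the call, e.g. `// output is only escaped for use inside a double-quoted HTML attribute`, and repeat it in the tag's Javadoc. The enclosing method starts outside the hunk.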
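diff --git a/src/share/org/apache/struts/util/ResponseUtils.java b/src/share/org/apache/struts/util/ResponseUtils.java
index 4588bb2..fe7e517 100644
--- a/src/share/org/apache/struts/util/ResponseUtils.java
+++ b/src/share/org/apache/struts/util/ResponseUtils.java
@@ -137,6 +137,37 @@ public class ResponseUtils {
 }
 
 
+ /**
+ * Replace double-quote characters in the input string with
+ * proper HTML encoding.
+ *
+ * No other HTML-encoding is performed. As a result, the return value
+ * can only be safely used in (X)HTML attributes surrounded by
+ * double-quote characters (<code>"</code>).
+ *
+ * <p>Note that you should not use this function in new code.
+ * It is only intended for old code which needs to be
+ * backwards-compatible with incompletely-quoted attributes.
+ *
+ * @return a fresh string object if quoting is needed,
+ * otherwise the input string
+ */
+ public static String filterIfQuote(String value) {
+ if (value == null)
+ return null;
+ if (value.indexOf('"') >= 0) {
+ StringBuffer sb = new StringBuffer(value.length() + 2);
+ for (int i = 0; i < value.length(); ++i) {
+ final char ch = value.charAt(i);
+ if (ch == '"')
+ sb.append("&quot;");
+ else
+ sb.append(ch);
+ }
+ return sb.toString();
+ }
+ return value;
+ }
 
 
 /**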
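Review bot: The Javadoc of filterIfQuote has no `@param` and does not say that a null input returns null, although the first statement implements exactly that and callers in this patch pass values with no null check in the visible lines (for example `this.value` in OptionTag). I would add `@param value the string to filter, may be null` and extend `@return` with `, or null if the input is null`. The initial capacity `value.length() + 2` is too small whenever this branch runs, since each `&quot;` adds five characters; `value.length() + 5` is the minimum that avoids a regrow for a single quote. The brace-less `if`/`else` bodies would also be safer with braces in a function whose only job is escaping.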