Blame SOURCES/tomcat-7.0.76-CVE-2017-5664.patch

867542
--- java/org/apache/catalina/servlets/DefaultServlet.java.orig	2017-06-08 16:12:18.426412964 -0400
867542
+++ java/org/apache/catalina/servlets/DefaultServlet.java	2017-06-08 16:12:18.436413002 -0400
75b9e1
@@ -245,7 +245,7 @@
75b9e1
         urlEncoder.addSafeCharacter('.');
75b9e1
         urlEncoder.addSafeCharacter('*');
75b9e1
         urlEncoder.addSafeCharacter('/');
75b9e1
-        
75b9e1
+
75b9e1
         if (Globals.IS_SECURITY_ENABLED) {
75b9e1
             factory = DocumentBuilderFactory.newInstance();
75b9e1
             factory.setNamespaceAware(true);
75b9e1
@@ -423,6 +423,18 @@
75b9e1
     }
75b9e1
 
75b9e1
 
75b9e1
+    @Override
75b9e1
+    protected void service(HttpServletRequest req, HttpServletResponse resp)
75b9e1
+            throws ServletException, IOException {
75b9e1
+
75b9e1
+        if (req.getDispatcherType() == DispatcherType.ERROR) {
75b9e1
+            doGet(req, resp);
75b9e1
+        } else {
75b9e1
+            super.service(req, resp);
75b9e1
+        }
75b9e1
+    }
75b9e1
+
75b9e1
+
75b9e1
     /**
75b9e1
      * Process a GET request for the specified resource.
75b9e1
      *
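Review bot: The new `service()` override has no Javadoc or comment saying why an ERROR dispatch bypasses `super.service()`, and that reason is the security point of this patch (CVE-2017-5664 per the patch name). The static error resource has to be read through `doGet()` whatever method the failing request used, so that the original method (for example a write method) is never applied to the error page. I would add a short comment to that effect, such as `// Error pages are always served as GET; never apply the original request's method to the error resource`. The same comment is missing on the equivalent early return added to `WebdavServlet.service()` later in this patch. No import hunk for `DispatcherType` is visible for DefaultServlet, so it is presumably already imported there; worth confirming against the 7.0.76 source.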
75b9e1
@@ -860,8 +872,7 @@
75b9e1
             }
75b9e1
         }
75b9e1
 
75b9e1
-        boolean isError =
75b9e1
-            response.getStatus() >= HttpServletResponse.SC_BAD_REQUEST;
75b9e1
+        boolean isError = DispatcherType.ERROR == request.getDispatcherType();
75b9e1
 
75b9e1
         // Check if the conditions specified in the optional If headers are
75b9e1
         // satisfied.
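Review bot: `isError` changes meaning on this line without a comment: it is now true only for a container error dispatch, no longer for any response whose status is 400 or above. A one-line comment such as `// true only when serving a custom error page via an ERROR dispatch; the status code alone is not a reliable signal` would keep a later reader from reintroducing the status test. As a style point, the comparison is written constant-first here but as `req.getDispatcherType() == DispatcherType.ERROR` in both `service()` hunks; one form throughout reads better. The enclosing method starts and ends outside this hunk, so how `isError` is used further down cannot be checked from here.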
75b9e1
@@ -1326,7 +1337,7 @@
75b9e1
 
75b9e1
     }
75b9e1
 
75b9e1
-    
75b9e1
+
75b9e1
     /**
75b9e1
      * Return an InputStream to an HTML representation of the contents
75b9e1
      * of this directory.
75b9e1
@@ -1767,15 +1778,15 @@
75b9e1
 
75b9e1
 
75b9e1
     private File validateGlobalXsltFile() {
75b9e1
-        
75b9e1
+
75b9e1
         File result = null;
75b9e1
         String base = System.getProperty(Globals.CATALINA_BASE_PROP);
75b9e1
-        
75b9e1
+
75b9e1
         if (base != null) {
75b9e1
             File baseConf = new File(base, "conf");
75b9e1
             result = validateGlobalXsltFile(baseConf);
75b9e1
         }
75b9e1
-        
75b9e1
+
75b9e1
         if (result == null) {
75b9e1
             String home = System.getProperty(Globals.CATALINA_HOME_PROP);
75b9e1
             if (home != null && !home.equals(base)) {
75b9e1
@@ -2364,6 +2375,8 @@
75b9e1
 
75b9e1
         /**
75b9e1
          * Validate range.
75b9e1
+         *
75b9e1
+         * @return true if the range is valid, otherwise false
75b9e1
          */
75b9e1
         public boolean validate() {
75b9e1
             if (end >= length)
867542
--- java/org/apache/catalina/servlets/WebdavServlet.java.orig	2017-06-08 16:12:18.427412968 -0400
867542
+++ java/org/apache/catalina/servlets/WebdavServlet.java	2017-06-08 16:12:18.436413002 -0400
75b9e1
@@ -40,6 +40,7 @@
75b9e1
 import javax.naming.NamingEnumeration;
75b9e1
 import javax.naming.NamingException;
75b9e1
 import javax.naming.directory.DirContext;
75b9e1
+import javax.servlet.DispatcherType;
75b9e1
 import javax.servlet.RequestDispatcher;
75b9e1
 import javax.servlet.ServletContext;
75b9e1
 import javax.servlet.ServletException;
867542
@@ -354,6 +355,11 @@
75b9e1
             return;
75b9e1
         }
75b9e1
 
75b9e1
+        if (req.getDispatcherType() == DispatcherType.ERROR) {
75b9e1
+            doGet(req, resp);
75b9e1
+            return;
75b9e1
+        }
75b9e1
+
75b9e1
         final String method = req.getMethod();
75b9e1
 
75b9e1
         if (debug > 0) {
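Review bot: The early return for ERROR dispatches sits above the `if (debug > 0)` block, so error-page requests served through this servlet appear to skip the debug log entirely. If that block records the method and path (its body is outside the hunk), moving the new `if (req.getDispatcherType() == DispatcherType.ERROR)` check below it would keep error dispatches visible when debugging. The placement after the preceding guard that ends in `return;` looks deliberate and should be kept, since that guard then still applies to error dispatches.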
867542
--- webapps/docs/changelog.xml.orig	2017-06-08 16:12:18.429412975 -0400
867542
+++ webapps/docs/changelog.xml	2017-06-08 16:13:17.452638065 -0400
867542
@@ -57,6 +57,23 @@
867542
   They eventually become mixed with the numbered issues. (I.e., numbered
867542
   issues do not "pop up" wrt. others).
867542
 -->
867542
+<section name="Tomcat 7.0.76-2 (csutherl)">
867542
+  <subsection name="Catalina">
867542
+    <changelog>
75b9e1
+      <fix>
75b9e1
+        Use a more reliable mechanism for the DefaultServlet when
75b9e1
+        determining if the current request is for custom error page or not.
75b9e1
+        (markt)
75b9e1
+      </fix>
75b9e1
+      <fix>
75b9e1
+        Ensure that when the Default or WebDAV servlets process an error
75b9e1
+        dispatch that the error resource is processed via the
75b9e1
+        doGet() method irrespective of the method used for the
75b9e1
+        original request that triggered the error. (markt)
75b9e1
+      </fix>
867542
+    </changelog>
867542
+  </subsection>
867542
+</section>
867542
 <section name="Tomcat 7.0.76 (violetagg)">
867542
   <subsection name="Catalina">
867542
     <changelog>