rpms/struts/devel struts-1.2.9-CVE-2008-2025.patch, NONE, 1.1 struts.spec, 1.54, 1.55
dwalluck
dwalluck at fedoraproject.org
Fri Jun 19 21:18:15 UTC 2009
Author: dwalluck
Update of /cvs/pkgs/rpms/struts/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30904
Modified Files:
struts.spec
Added Files:
struts-1.2.9-CVE-2008-2025.patch
Log Message:
- Resolves: CVE-2008-2025
struts-1.2.9-CVE-2008-2025.patch:
--- NEW FILE struts-1.2.9-CVE-2008-2025.patch ---
diff --git a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
index 403ff97..386ccf3 100644
--- a/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
+++ b/src/share/org/apache/struts/taglib/html/BaseHandlerTag.java
@@ -35,6 +35,7 @@ import org.apache.struts.taglib.TagUtils;
import org.apache.struts.taglib.logic.IterateTag;
import org.apache.struts.util.MessageResources;
import org.apache.struts.util.RequestUtils;
+import org.apache.struts.util.ResponseUtils;
/**
* Base class for tags that render form elements capable of including JavaScript
@@ -898,10 +899,12 @@ public abstract class BaseHandlerTag extends BodyTagSupport {
*/
protected void prepareAttribute(StringBuffer handlers, String name, Object value) {
if (value != null) {
+ if (name.indexOf('"') >= 0)
+ throw new IllegalArgumentException("quote character in attribute name");
handlers.append(" ");
handlers.append(name);
handlers.append("=\"");
- handlers.append(value);
+ handlers.append(ResponseUtils.filterIfQuote(value.toString()));
handlers.append("\"");
}
}
diff --git a/src/share/org/apache/struts/taglib/html/FormTag.java b/src/share/org/apache/struts/taglib/html/FormTag.java
index e8eb9b4..ba2d782 100644
--- a/src/share/org/apache/struts/taglib/html/FormTag.java
+++ b/src/share/org/apache/struts/taglib/html/FormTag.java
@@ -37,6 +37,7 @@ import org.apache.struts.config.ModuleConfig;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
import org.apache.struts.util.RequestUtils;
+import org.apache.struts.util.ResponseUtils;
/**
* Custom tag that represents an input form, associated with a bean whose
@@ -547,10 +548,10 @@ public class FormTag extends TagSupport {
results.append(" action=\"");
results.append(
- response.encodeURL(
+ ResponseUtils.filterIfQuote(response.encodeURL(
TagUtils.getInstance().getActionMappingURL(
this.action,
- this.pageContext)));
+ this.pageContext))));
results.append("\"");
}
@@ -580,7 +581,7 @@ public class FormTag extends TagSupport {
results.append("<div><input type=\"hidden\" name=\"");
results.append(Constants.TOKEN_KEY);
results.append("\" value=\"");
- results.append(token);
+ results.append(ResponseUtils.filterIfQuote(token));
if (this.isXhtml()) {
results.append("\" />");
} else {
@@ -598,10 +599,12 @@ public class FormTag extends TagSupport {
*/
protected void renderAttribute(StringBuffer results, String attribute, String value) {
if (value != null) {
+ if (attribute.indexOf('"') >= 0)
+ throw new IllegalArgumentException("quote character in attribute name");
results.append(" ");
results.append(attribute);
results.append("=\"");
- results.append(value);
+ results.append(ResponseUtils.filterIfQuote(value));
results.append("\"");
}
}
diff --git a/src/share/org/apache/struts/taglib/html/HtmlTag.java b/src/share/org/apache/struts/taglib/html/HtmlTag.java
index fb64875..d4da38d 100644
--- a/src/share/org/apache/struts/taglib/html/HtmlTag.java
+++ b/src/share/org/apache/struts/taglib/html/HtmlTag.java
@@ -29,6 +29,7 @@ import javax.servlet.jsp.tagext.TagSupport;
import org.apache.struts.Globals;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
/**
* Renders an HTML <html> element with appropriate language attributes if
@@ -151,20 +152,20 @@ public class HtmlTag extends TagSupport {
if ((this.lang || this.locale || this.xhtml) && validLanguage) {
sb.append(" lang=\"");
- sb.append(language);
+ sb.append(ResponseUtils.filterIfQuote(language));
if (validCountry) {
sb.append("-");
- sb.append(country);
+ sb.append(ResponseUtils.filterIfQuote(country));
}
sb.append("\"");
}
if (this.xhtml && validLanguage) {
sb.append(" xml:lang=\"");
- sb.append(language);
+ sb.append(ResponseUtils.filterIfQuote(language));
if (validCountry) {
sb.append("-");
- sb.append(country);
+ sb.append(ResponseUtils.filterIfQuote(country));
}
sb.append("\"");
}
diff --git a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
index 77d7dba..5da8317 100644
--- a/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
+++ b/src/share/org/apache/struts/taglib/html/JavascriptValidatorTag.java
@@ -45,6 +45,7 @@ import org.apache.struts.Globals;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.config.ModuleConfig;
import org.apache.struts.taglib.TagUtils;
+import org.apache.struts.util.ResponseUtils;
import org.apache.struts.util.MessageResources;
import org.apache.struts.validator.Resources;
import org.apache.struts.validator.ValidatorPlugIn;
@@ -850,7 +851,7 @@ public class JavascriptValidatorTag extends BodyTagSupport {
}
if (this.src != null) {
- start.append(" src=\"" + src + "\"");
+ start.append(" src=\"" + ResponseUtils.filterIfQuote(src) + "\"");
}
start.append("> \n");
diff --git a/src/share/org/apache/struts/taglib/html/OptionTag.java b/src/share/org/apache/struts/taglib/html/OptionTag.java
index 4df5c95..e9e4b2e 100644
--- a/src/share/org/apache/struts/taglib/html/OptionTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionTag.java
@@ -26,6 +26,7 @@ import javax.servlet.jsp.tagext.BodyTagSupport;
import org.apache.struts.Globals;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
/**
* Tag for select options. The body of this tag is presented to the user
@@ -235,7 +236,7 @@ public class OptionTag extends BodyTagSupport {
protected String renderOptionElement() throws JspException {
StringBuffer results = new StringBuffer("<option value=\"");
- results.append(this.value);
+ results.append(ResponseUtils.filterIfQuote(this.value));
results.append("\"");
if (disabled) {
results.append(" disabled=\"disabled\"");
@@ -245,17 +246,17 @@ public class OptionTag extends BodyTagSupport {
}
if (style != null) {
results.append(" style=\"");
- results.append(style);
+ results.append(ResponseUtils.filterIfQuote(style));
results.append("\"");
}
if (styleId != null) {
results.append(" id=\"");
- results.append(styleId);
+ results.append(ResponseUtils.filterIfQuote(styleId));
results.append("\"");
}
if (styleClass != null) {
results.append(" class=\"");
- results.append(styleClass);
+ results.append(ResponseUtils.filterIfQuote(styleClass));
results.append("\"");
}
results.append(">");
diff --git a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
index 9999259..e5ecb66 100644
--- a/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionsCollectionTag.java
@@ -30,6 +30,7 @@ import javax.servlet.jsp.tagext.TagSupport;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.struts.util.IteratorAdapter;
+import org.apache.struts.util.ResponseUtils;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
@@ -291,7 +292,7 @@ public class OptionsCollectionTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(value));
} else {
- sb.append(value);
+ sb.append(ResponseUtils.filterIfQuote(value));
}
sb.append("\"");
if (matched) {
@@ -299,12 +300,12 @@ public class OptionsCollectionTag extends TagSupport {
}
if (style != null) {
sb.append(" style=\"");
- sb.append(style);
+ sb.append(ResponseUtils.filterIfQuote(style));
sb.append("\"");
}
if (styleClass != null) {
sb.append(" class=\"");
- sb.append(styleClass);
+ sb.append(ResponseUtils.filterIfQuote(styleClass));
sb.append("\"");
}
@@ -313,7 +314,7 @@ public class OptionsCollectionTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(label));
} else {
- sb.append(label);
+ sb.append(ResponseUtils.filterIfQuote(label));
}
sb.append("</option>\r\n");
diff --git a/src/share/org/apache/struts/taglib/html/OptionsTag.java b/src/share/org/apache/struts/taglib/html/OptionsTag.java
index 90d716a..dbc14cf 100644
--- a/src/share/org/apache/struts/taglib/html/OptionsTag.java
+++ b/src/share/org/apache/struts/taglib/html/OptionsTag.java
@@ -32,6 +32,7 @@ import org.apache.commons.beanutils.PropertyUtils;
import org.apache.struts.util.IteratorAdapter;
import org.apache.struts.taglib.TagUtils;
import org.apache.struts.util.MessageResources;
+import org.apache.struts.util.ResponseUtils;
/**
* Tag for creating multiple <select> options from a collection. The
@@ -313,7 +314,7 @@ public class OptionsTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(value));
} else {
- sb.append(value);
+ sb.append(ResponseUtils.filterIfQuote(value));
}
sb.append("\"");
if (matched) {
@@ -321,12 +322,12 @@ public class OptionsTag extends TagSupport {
}
if (style != null) {
sb.append(" style=\"");
- sb.append(style);
+ sb.append(ResponseUtils.filterIfQuote(style));
sb.append("\"");
}
if (styleClass != null) {
sb.append(" class=\"");
- sb.append(styleClass);
+ sb.append(ResponseUtils.filterIfQuote(styleClass));
sb.append("\"");
}
@@ -335,7 +336,7 @@ public class OptionsTag extends TagSupport {
if (filter) {
sb.append(TagUtils.getInstance().filter(label));
} else {
- sb.append(label);
+ sb.append(ResponseUtils.filterIfQuote(label));
}
sb.append("</option>\r\n");
diff --git a/src/share/org/apache/struts/taglib/html/RewriteTag.java b/src/share/org/apache/struts/taglib/html/RewriteTag.java
index 804e50c..63a2f03 100644
--- a/src/share/org/apache/struts/taglib/html/RewriteTag.java
+++ b/src/share/org/apache/struts/taglib/html/RewriteTag.java
@@ -24,6 +24,7 @@ import java.util.Map;
import javax.servlet.jsp.JspException;
import org.apache.struts.taglib.TagUtils;
+import org.apache.struts.util.ResponseUtils;
/**
* Generate a URL-encoded URI as a string.
@@ -72,7 +73,8 @@ public class RewriteTag extends LinkTag {
(messages.getMessage("rewrite.url", e.toString()));
}
- TagUtils.getInstance().write(pageContext, url);
+ TagUtils.getInstance().write(pageContext,
+ ResponseUtils.filterIfQuote(url));
return (SKIP_BODY);
diff --git a/src/share/org/apache/struts/util/ResponseUtils.java b/src/share/org/apache/struts/util/ResponseUtils.java
index 4588bb2..fe7e517 100644
--- a/src/share/org/apache/struts/util/ResponseUtils.java
+++ b/src/share/org/apache/struts/util/ResponseUtils.java
@@ -137,6 +137,37 @@ public class ResponseUtils {
}
+ /**
+ * Replace double-quote characters in the input string with
+ * proper HTML encoding.
+ *
+ * No other HTML-encoding is performed. As a result, the return value
+ * can only be safely used in (X)HTML attributes surrounded by
+ * double-quote characters (<code>"</code>).
+ *
+ * <p>Note that you should not use this function in new code.
+ * It is only intended for old code which needs to be
+ * backwards-compatible with incompletely-quoted attributes.
+ *
+ * @return a fresh string object if quoting is needed,
+ * otherwise the input string
+ */
+ public static String filterIfQuote(String value) {
+ if (value == null)
+ return null;
+ if (value.indexOf('"') >= 0) {
+ StringBuffer sb = new StringBuffer(value.length() + 2);
+ for (int i = 0; i < value.length(); ++i) {
+ final char ch = value.charAt(i);
+ if (ch == '"')
+ sb.append(""");
+ else
+ sb.append(ch);
+ }
+ return sb.toString();
+ }
+ return value;
+ }
/**
Index: struts.spec
===================================================================
RCS file: /cvs/pkgs/rpms/struts/devel/struts.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -p -r1.54 -r1.55
--- struts.spec 26 Feb 2009 03:24:18 -0000 1.54
+++ struts.spec 19 Jun 2009 21:17:45 -0000 1.55
@@ -54,7 +54,7 @@
Name: struts
Version: 1.2.9
-Release: 6.11%{?dist}
+Release: 6.12%{?dist}
Epoch: 0
Summary: Web application framework
License: ASL 2.0
@@ -71,6 +71,7 @@ Patch4: struts-1.2.9-strutsfaces-exampl
Patch5: struts-1.2.9-strutsfaces-example2-build_xml.patch
Patch6: struts-1.2.9-strutsfaces-systest1-build_xml.patch
Patch7: struts-1.2.9.bz157205.patch
+Patch8: struts-1.2.9-CVE-2008-2025.patch
Url: http://struts.apache.org/
Requires: servletapi5
Requires: jdbc-stdext
@@ -276,8 +277,9 @@ Requires(postun): java-gcj-compat
%package chain-javadoc
Summary: Javadoc for %{name}-chain
Group: Development/Documentation
-Requires(post): /bin/rm,/bin/ln
-Requires(postun): /bin/rm
+# for /bin/rm and /bin/ln
+Requires(post): coreutils
+Requires(postun): coreutils
%description chain-javadoc
%{summary}.
@@ -436,6 +438,7 @@ rm -rf $RPM_BUILD_ROOT
%patch5 -b .sav
%patch6 -b .sav
%patch7 -b .sav
+%patch8 -p1 -b .sav
# remove all binary libs
find . -name "*.jar" -exec rm -f {} \;
@@ -1073,6 +1076,9 @@ fi
%changelog
+* Fri Jun 19 2009 David Walluck <dwalluck at redhat.com> 0:1.2.9-6.12
+- Resolves: CVE-2008-2025
+
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0:1.2.9-6.11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
More information about the fedora-extras-commits
mailing list