packages/apache-mina
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!9 fix CVE-2021-41973

Browse Source 
From: @wk333
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2021-11-09 01:33:01 +00:00 committed by Gitee
commit dfbdccdbe8
2 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2021-41973.patch Normal file
View File

@ -0,0 +1,22 @@
From 3a91690e574a69875a2fca1f0e363b0b9ff00469 Mon Sep 17 00:00:00 2001
From: Jonathan Valliere <johnnyv@apache.org>
Date: Thu, 14 Oct 2021 23:34:17 -0400
Subject: [PATCH] Backport fix for malformed HTTP decoder loop
---
.../src/main/java/org/apache/mina/http/HttpServerDecoder.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
index 4f9ed5998..d861216e6 100644
--- a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
+++ b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
@@ -194,7 +194,7 @@ public void dispose(IoSession session) throws Exception {
}
private HttpRequestImpl parseHttpRequestHead(ByteBuffer buffer) {
- String raw = new String(buffer.array(), 0, buffer.limit());
+ String raw = new String(buffer.array(), buffer.position(), buffer.remaining());
String[] headersAndBody = RAW_VALUE_PATTERN.split(raw, -1);
if (headersAndBody.length <= 1) {

9
apache-mina.spec
View File

@ -1,10 +1,11 @@
Name: apache-mina
Version: 2.0.21
Release: 1
Release: 2
Summary: Apache MINA
License: ASL 2.0
URL: http://mina.apache.org
Source0: https://github.com/apache/mina/archive/%{version}.tar.gz
Patch0: CVE-2021-41973.patch
BuildRequires: maven-local mvn(com.jcraft:jzlib) mvn(commons-lang:commons-lang)
BuildRequires: mvn(org.apache:apache:pom:) mvn(org.slf4j:slf4j-api)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
@ -48,6 +49,7 @@ This package provides %{name}.
%prep
%setup -q -n mina-%{version}
%patch0 -p1
sed -i \
-e 's|<packaging>bundle</packaging>|<packaging>jar</packaging>|g' \
-e 's|<type>bundle</type>|<type>jar</type>|g' \
@ -87,7 +89,10 @@ sed -i \
%doc LICENSE.txt NOTICE.txt
%changelog
* Mon 21 Sep wangyue <wangyue92@huawei.com> - 2.0.21-1
* Mon Nov 08 2021 wangkai <wangkai385@huawei.com> - 2.0.21-2
- Fix CVE-2021-41973
* Mon Sep 21 2020 wangyue <wangyue92@huawei.com> - 2.0.21-1
- Fix CVE-2019-0231
* Mon Jul 27 2020 leiju <leiju4@huawei.com> - 2.0.9-1