packages/apache-mina
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
apache-mina/CVE-2021-41973.patch
wk333 9bc7296e73 Fix CVE-2021-41973
2021-11-08 15:42:42 +08:00

23 lines
1.1 KiB
Diff
Raw Blame History

From 3a91690e574a69875a2fca1f0e363b0b9ff00469 Mon Sep 17 00:00:00 2001
From: Jonathan Valliere <johnnyv@apache.org>
Date: Thu, 14 Oct 2021 23:34:17 -0400
Subject: [PATCH] Backport fix for malformed HTTP decoder loop
---
.../src/main/java/org/apache/mina/http/HttpServerDecoder.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
index 4f9ed5998..d861216e6 100644
--- a/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
+++ b/mina-http/src/main/java/org/apache/mina/http/HttpServerDecoder.java
@@ -194,7 +194,7 @@ public void dispose(IoSession session) throws Exception {
}
private HttpRequestImpl parseHttpRequestHead(ByteBuffer buffer) {
- String raw = new String(buffer.array(), 0, buffer.limit());
+ String raw = new String(buffer.array(), buffer.position(), buffer.remaining());
String[] headersAndBody = RAW_VALUE_PATTERN.split(raw, -1);
if (headersAndBody.length <= 1) {
Reference in New Issue View Git Blame Copy Permalink