fix CVE-2020-1695

(cherry picked from commit 95273dc2f89af073a91d533c5deb6c5d6f22d7e8)
2022-01-04 14:27:36 +08:00 · 2022-01-04 14:27:36 +08:00 · 1b9101b2fc
commit 1b9101b2fc
parent 52208ba093
2 changed files with 50 additions and 1 deletions
--- a/CVE-2020-1695.patch
+++ b/CVE-2020-1695.patch
@ -0,0 +1,44 @@
+From acf15f2a8067f7e4cf5838342cecfa0b78a174fb Mon Sep 17 00:00:00 2001
+From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
+Date: Thu, 16 Apr 2020 14:01:17 +0100
+Subject: [PATCH] [RESTEASY-2559] Improper validation of response header in
+ MediaTypeHeaderDelegate.java class
+
+---
+ .../plugins/delegates/MediaTypeHeaderDelegate.java |  1 +
+ .../test/mediatype/MediaTypeHeaderTest.java        | 14 ++++++++++++++
+ 2 files changed, 15 insertions(+)
+ create mode 100644 testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
+
+diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
+index ccf08a4622..4e48e622b1 100644
+--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
+++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
+@@ -49,6 +49,7 @@ protected static boolean isValid(String str)
+             case '[':
+             case ']':
+             case '=':
+            case '\n':
+                return false;
+             default:
+                break;
+diff --git a/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
+new file mode 100644
+index 0000000000..e46f018f7f
+--- /dev/null
+++ b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
+@@ -0,0 +1,14 @@
+package org.jboss.resteasy.test.mediatype;
+
+import org.jboss.resteasy.plugins.delegates.MediaTypeHeaderDelegate;
+import org.junit.Test;
+
+public class MediaTypeHeaderTest {
+
+   @Test(expected = IllegalArgumentException.class)
+   public void testNewLineInHeaderValueIsRejected() {
+      MediaTypeHeaderDelegate delegate = new MediaTypeHeaderDelegate();
+
+      delegate.fromString("foo/bar\n");
+   }
+}
--- a/resteasy.spec
+++ b/resteasy.spec
@ -2,7 +2,7 @@
 %global namedversion %{version}%{namedreltag}
 Name:                resteasy
 Version:             3.0.19
-Release:             4
+Release:             5
 Summary:             Framework for RESTful Web services and Java applications
 License:             ASL 2.0 and CDDL
 URL:                 https://github.com/resteasy/Resteasy/
@ -13,6 +13,7 @@ Patch2:              CVE-2016-9606.patch
 Patch3:              CVE-2021-20289.patch
 Patch4:              CVE-2020-10688-1.patch
 Patch5:              CVE-2020-10688-2.patch
+Patch6:              CVE-2020-1695.patch

 BuildArch:           noarch
 BuildRequires:       maven-local mvn(com.beust:jcommander) mvn(com.fasterxml:classmate)
@ -203,6 +204,7 @@ find -name '*.jar' -print -delete
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 %pom_disable_module resteasy-spring jaxrs
 %pom_disable_module fastinfoset jaxrs/providers
 %pom_disable_module examples jaxrs
@ -337,6 +339,9 @@ done
 %license jaxrs/License.html

 %changelog
+* Tue Jan 04 2022 wangkai <wangkai385@huawei.com> - 3.0.19-5
+- fix CVE-2020-1695
+
 * Thu Jun 10 2021 wangyue <wangyue92@huawei.com> - 3.0.19-4
 - fix CVE-2020-10688