List: slide-dev
Subject: svn commit: r590976 -
From: ozeigermann () apache ! org
Date: 2007-11-01 12:26:24
Message-ID: 20071101122624.DD2351A9838 () eris ! apache ! org
Author: ozeigermann
Date: Thu Nov 1 05:26:24 2007
New Revision: 590976
URL: http://svn.apache.org/viewvc?rev=590976&view=rev
Log:
Quick-fix for security issue raised here
www.milw0rm.com/exploits/4567
Modified:
jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java
Modified: jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java
URL: http://svn.apache.org/viewvc/jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java?rev=590976&r1=590975&r2=590976&view=diff
==============================================================================
--- jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java \
(original)
+++ jakarta/slide/trunk/src/webdav/server/org/apache/slide/webdav/method/LockMethod.java \
Thu Nov 1 05:26:24 2007
@@ -303,7 +303,10 @@
* if parsing the request failed or if the request is not valid.
*/
private void parseOwner(Element ownerElement) throws JDOMException {
+ lockInfo_lockOwner = DEFAULT_LOCK_OWNER;
+ // ozeigermann, 1. November 2007: Had to disable this part due to an exploit \
caused by JDOM (as it seems): http://www.milw0rm.com/exploits/4567
+ /*
if (ownerElement == null) {
lockInfo_lockOwner = DEFAULT_LOCK_OWNER;
return;
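Review bot: Forcing `lockInfo_lockOwner = DEFAULT_LOCK_OWNER` at the top of parseOwner only stops the owner content from being read back; the request body has already been parsed into `ownerElement` by then. If the disclosure comes from entity resolution in the XML parser (the added comment is itself unsure, "as it seems"), the parser still resolves whatever the request declares. The builder that produces this element is outside the hunk; it should be hardened where it is created, for example with `builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` (variable name assumed), and the other methods that parse XML request bodies need the same check. Every lock now also reports the default owner, so the added comment should say that client-supplied owner information is discarded and under what condition the block can be re-enabled.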
@@ -326,6 +329,7 @@
//throw new JDOMException("<"+E_OWNER+"> element must not be
// empty");
}
+ */
}
/**
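Review bot: The added `*/` closes a block comment opened in the previous hunk that hides the whole former body of parseOwner, leaving `ownerElement` unused and `throws JDOMException` unreachable. The lines between the two hunks are not visible here; if any of them contains its own `/* ... */` comment, the outer comment ends early, so that is worth checking. Deleting the disabled code (it stays in history at r590975) and documenting the method with a line such as `// Owner parsing is disabled; every lock gets DEFAULT_LOCK_OWNER.` would keep the method readable and make the changed contract explicit.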