File apache-tomcat-CVE-2009-0580.patch of Package tomcat6
Index: apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/DataSourceRealm.java
===================================================================
--- apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/DataSourceRealm.java.orig 2008-01-28 23:41:08.000000000 +0100
+++ apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/DataSourceRealm.java 2009-06-08 11:45:14.240843648 +0200
@@ -270,8 +270,9 @@
 */
 public Principal authenticate(String username, String credentials) {
- // No user - can't possibly authenticate, don't bother the database then
- if (username == null) {
+ // No user or no credentials
+ // Can't possibly authenticate, don't bother the database then
+ if (username == null || credentials == null) {
 return null;
 }
Index: apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/JDBCRealm.java
===================================================================
--- apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/JDBCRealm.java.orig 2008-01-28 23:41:08.000000000 +0100
+++ apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/JDBCRealm.java 2009-06-08 11:45:14.240843648 +0200
@@ -392,9 +392,10 @@
 String username, String credentials) {
- // No user - can't possibly authenticate
- if (username == null) {
- return (null);
+ // No user or no credentials
+ // Can't possibly authenticate, don't bother the database then
+ if (username == null || credentials == null) {
+ return null;
 } // Look up the user's credentials
Index: apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/MemoryRealm.java
===================================================================
--- apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/MemoryRealm.java.orig 2008-01-28 23:41:10.000000000 +0100
+++ apache-tomcat-6.0.18-src/java/org/apache/catalina/realm/MemoryRealm.java 2009-06-08 11:45:14.272343962 +0200
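Review bot: The comment on the new guard in DataSourceRealm.authenticate, and on the identical guard in the JDBCRealm hunk, explains the early return only as sparing the database, so the security reason for `credentials == null` is not recorded next to the check. The patch name ties the change to CVE-2009-0580; presumably the intent is that a missing password fails exactly as an unknown user does, before any lookup, and the comment should say so, e.g. `// Null credentials must be rejected like an unknown user, before any lookup (CVE-2009-0580)`. Neither hunk adds a regression test; one asserting that `authenticate(user, null)` returns null for both an existing and a non-existing user would keep the guard from being dropped in a later cleanup. Both method bodies continue outside their hunks.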
@@ -148,7 +148,7 @@ (GenericPrincipal) principals.get(username); boolean validated = false; - if (principal != null) { + if (principal != null && credentials != null) { if (hasMessageDigest()) { // Hex hashes should be compared case-insensitive validated = (digest(credentials)