diff -Nru apache-cxf-3.1.6-src/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/BaseUrlHelper.java apache-cxf-3.1.6-src.CVE-2016-6812/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/BaseUrlHelper.java
--- apache-cxf-3.1.6-src/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/BaseUrlHelper.java 2016-03-23 18:30:27.000000000 +0100
+++ apache-cxf-3.1.6-src.CVE-2016-6812/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/BaseUrlHelper.java 2016-12-21 16:20:17.119337970 +0100
@@ -36,9 +36,8 @@
*/
public static String getBaseURL(HttpServletRequest request) {
String reqPrefix = request.getRequestURL().toString();
- String pathInfo = request.getPathInfo() == null ? "" : request.getPathInfo();
- //fix for CXF-898
- if (!"/".equals(pathInfo) || reqPrefix.endsWith("/")) {
+ String pathInfo = request.getPathInfo();
+ if (!"/".equals(pathInfo) || reqPrefix.contains(";")) {
StringBuilder sb = new StringBuilder();
// request.getScheme(), request.getLocalName() and request.getLocalPort()
// should be marginally cheaper - provided request.getLocalName() does
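Review bot: The new `reqPrefix.contains(";")` test in `getBaseURL` has no comment, and the old `//fix for CXF-898` marker was removed with nothing put in its place, so the security reason for this branch is not recorded. A later cleanup could easily drop it again. I would add above the `if`: `// rebuild from container-parsed parts when the URL carries ';' matrix parameters, so they are not echoed into the service list (CVE-2016-6812)`. Note that when `pathInfo` is "/" and there is no `;`, the raw request URL is still returned unchanged, which the method's Javadoc should say. The body of `getBaseURL` continues in the next hunk.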
@@ -47,8 +46,15 @@
URI uri = URI.create(reqPrefix);
sb.append(uri.getScheme()).append("://").append(uri.getRawAuthority());
- sb.append(request.getContextPath()).append(request.getServletPath());
-
+ String contextPath = request.getContextPath();
+ if (contextPath != null) {
+ sb.append(contextPath);
+ }
+ String servletPath = request.getServletPath();
+ if (servletPath != null) {
+ sb.append(servletPath);
+ }
+
reqPrefix = sb.toString();
}
return reqPrefix;
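Review bot: The rebuilt prefix still takes its authority from the request URL via `uri.getRawAuthority()`, so the host part of the returned base URL presumably remains client-influenced (typically through the Host header). Only the path portion is now taken from container-parsed values. Callers that write the result into markup must therefore keep treating it as untrusted, and I would record that next to the append: `// authority comes from the request URL; the result is still client-influenced and must be escaped on output`. Separately, a short comment on why the `contextPath != null` and `servletPath != null` guards exist would help, since they look like they are there for mocked requests. The start of `getBaseURL` is in the previous hunk.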
diff -Nru apache-cxf-3.1.6-src/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java apache-cxf-3.1.6-src.CVE-2016-6812/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java
--- apache-cxf-3.1.6-src/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java 2016-03-23 18:30:27.000000000 +0100
+++ apache-cxf-3.1.6-src.CVE-2016-6812/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/FormattedServiceListWriter.java 2016-12-21 16:27:24.088369796 +0100
@@ -129,7 +129,11 @@
return null;
}
} else {
- return basePath + endpointAddress;
+ String address = basePath;
+ if (address.endsWith("/") && endpointAddress.startsWith("/")) {
+ address = address.substring(0, address.length() - 1);
+ }
+ return address + endpointAddress;
}
}
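Review bot: The slash trimming in the `else` branch has no comment explaining why `basePath` can now end in "/". It appears to follow from the BaseUrlHelper change in this patch, which returns the request URL unchanged when `pathInfo` is "/". Without a comment the coupling between the two files is invisible, so I would add above `String address = basePath;`: `// basePath may end with '/' when BaseUrlHelper returns the request URL as-is; avoid "//" in the joined address`. The enclosing method starts outside the hunk, so how `basePath` and `endpointAddress` are validated earlier cannot be seen from here.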
diff -Nru apache-cxf-3.1.6-src/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java apache-cxf-3.1.6-src.CVE-2016-6812/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
--- apache-cxf-3.1.6-src/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java 2016-03-23 18:30:27.000000000 +0100
+++ apache-cxf-3.1.6-src.CVE-2016-6812/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java 2016-12-21 16:25:17.063781834 +0100
@@ -111,9 +111,25 @@
String styleSheetPath;
if (serviceListStyleSheet != null) {
styleSheetPath = request.getContextPath() + "/" + serviceListStyleSheet;
-
} else {
- styleSheetPath = request.getRequestURI() + "/?stylesheet=1";
+ styleSheetPath = "";
+ String contextPath = request.getContextPath();
+ if (contextPath != null) {
+ styleSheetPath += contextPath;
+ }
+ String servletPath = request.getServletPath();
+ if (servletPath != null) {
+ styleSheetPath += servletPath;
+ }
+ String pathInfo = request.getPathInfo();
+ if (pathInfo != null) {
+ styleSheetPath += pathInfo;
+ }
+
+ if (!styleSheetPath.endsWith("/")) {
+ styleSheetPath += "/";
+ }
+ styleSheetPath += "?stylesheet=1";
}
serviceListWriter =
new FormattedServiceListWriter(styleSheetPath, title, showForeignContexts, atomMap);
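Review bot: `styleSheetPath += pathInfo;` appends a request-controlled value as-is. Unlike the `getRequestURI()` value it replaces, `getPathInfo()` is decoded by the container, so characters that were percent-encoded on the wire can arrive here literally. The string is then passed to `FormattedServiceListWriter`, which presumably writes it into the page's stylesheet link (not visible in this hunk). It should be attribute-escaped at that point, or re-encoded here before the constructor call. At minimum I would add above the append: `// pathInfo is request-controlled and container-decoded: escape before writing into markup`. The enclosing method starts and ends outside the hunk.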