From 723c584284fb491ad653dfd3a46d4b836ac9d298 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Fri, 18 Feb 2022 10:47:30 +0800
Subject: [PATCH] Fix CVE-2022-23181 (cherry picked from commit 002e53906d56d1be5c33056a57c3bdc7af994e32)
---
 CVE-2022-23181.patch | 30 ++++++++++++++++++++++++++++++
 tomcat.spec | 6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-23181.patch
diff --git a/CVE-2022-23181.patch b/CVE-2022-23181.patch
new file mode 100644
index 0000000..9c9b55e
--- /dev/null
+++ b/CVE-2022-23181.patch
@@ -0,0 +1,30 @@
+From 1385c624b4a1e994426e810075c850edc38a700e Mon Sep 17 00:00:00 2001
+From: Mark Thomas
+Date: Wed, 12 Jan 2022 11:11:29 +0000
+Subject: [PATCH] Make calculation of session storage location more robust
+
+---
+ java/org/apache/catalina/session/FileStore.java | 5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/java/org/apache/catalina/session/FileStore.java b/java/org/apache/catalina/session/FileStore.java
+index cac6027abdc..e42a72a4c87 100644
+--- a/java/org/apache/catalina/session/FileStore.java
++++ b/java/org/apache/catalina/session/FileStore.java
+@@ -349,13 +349,14 @@ private File file(String id) throws IOException {
+
+ String filename = id + FILE_EXT;
+ File file = new File(storageDir, filename);
++ File canonicalFile = file.getCanonicalFile();
+
+ // Check the file is within the storage directory
+- if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
++ if (!canonicalFile.toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
+ log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
+ return null;
+ }
+
+- return file;
++ return canonicalFile;
+ }
+ }
diff --git a/tomcat.spec b/tomcat.spec
index 67e185c..f1d67ec 100644
--- a/tomcat.spec
+++ b/tomcat.spec
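Review bot: The added `return canonicalFile;` at the end of `file(String id)` has no comment saying why the canonical path is returned instead of `file`, which is the security-relevant part of this change: the caller then works with the same resolved path that the containment check just approved, rather than resolving the original name again later. I would add `// Return the path that was validated above, so the caller cannot end up using a different resolution of the same name` above the return. The check and the caller's later file access are still separate steps, so the fix presumably also relies on the session storage directory being writable only by the Tomcat account; that assumption is worth recording alongside the backport. Only the tail of `file(String id)` is inside the hunk, and `log.warn` still reports `file.getPath()` rather than the canonical path, which may be intended.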
@@ -13,7 +13,7 @@ Name: tomcat
 Epoch: 1
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 24
+Release: 25
 Summary: Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
 License: ASL 2.0
 URL: http://tomcat.apache.org/
@@ -100,6 +100,7 @@ Patch6055: CVE-2021-30640-7.patch
 Patch6056: CVE-2021-30640-8.patch
 Patch6057: CVE-2021-41079.patch
 Patch6058: CVE-2021-42340.patch
+Patch6069: CVE-2022-23181.patch
 BuildRequires: ecj >= 1:4.6.1 findutils apache-commons-collections apache-commons-daemon
 BuildRequires: apache-commons-dbcp apache-commons-pool tomcat-taglibs-standard ant
@@ -501,6 +502,9 @@ fi
 %{_javadocdir}/%{name}
 %changelog
+* Fri Feb 18 2022 wangkai - 1:9.0.10-25
+- Fix CVE-2022-23181
+
 * Wed Nov 10 2021 caodongxia - 1:9.0.10-24
 - Replace recommends libtcnative-1-0 with requires libtcnative-1-0
--
Gitee
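Review bot: `Patch6069` is declared directly after `Patch6058` in the second hunk, so the number skips 6059, and none of the three tomcat.spec hunks touches `%prep`. If `%prep` (outside this diff) applies patches with explicit `%patchN` lines, a matching line such as `%patch6069 -p1` is needed; otherwise the package ships as 1:9.0.10-25 with a changelog entry claiming the CVE-2022-23181 fix while the build does not contain it. With `%autosetup` or `%autopatch` the new entry is picked up automatically. If the jump in numbering is a typo, `Patch6059: CVE-2022-23181.patch` keeps the sequence contiguous. A build log showing the patch being applied would settle the question.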