From e9e7a4901400b25b638217d5d1ffc6b040ab4ba3 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Mon, 25 Apr 2022 11:17:35 +0800
Subject: [PATCH] Refix CVE-2021-41079

(cherry picked from commit 559c13cec05f007a81db8d255c83dbdc2aa3adef)
---
 CVE-2021-41079.patch | 24 +++++++++++++++++++++---
 tomcat.spec          |  5 ++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/CVE-2021-41079.patch b/CVE-2021-41079.patch
index 20d1b47..219c64b 100644
--- a/CVE-2021-41079.patch
+++ b/CVE-2021-41079.patch
@@ -4,8 +4,9 @@ Date: Wed, 3 Mar 2021 12:00:46 +0000
 Subject: [PATCH] Improve robustness
 
 ---
- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
- 1 file changed, 1 insertion(+)
+ .../apache/tomcat/util/net/openssl/LocalStrings.properties  | 1 +
+ java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java  | 6 ++++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
 
 diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
 index 1919159..1ab5f43 100644
@@ -19,6 +20,23 @@ index 1919159..1ab5f43 100644
  engine.unsupportedProtocol=Protocol [{0}] is not supported
  engine.unverifiedPeer=Peer unverified
  engine.noSession=SSL session ID not available
+diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+index 15c6f56..b837fd6 100644
+--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
++++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+@@ -593,8 +593,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
+                     throw new SSLException(e);
+                 }
+ 
+-                if (bytesRead == 0) {
+-                    break;
++                if (bytesRead <= 0) {
++                    // This should not be possible. pendingApp is positive
++                    // therefore the read should have read at least one byte.
++                    throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
+                 }
+ 
+                 bytesProduced += bytesRead;
 -- 
-2.23.0
+2.27.0
 
diff --git a/tomcat.spec b/tomcat.spec
index f1d67ec..4ed9f22 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -13,7 +13,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       25
+Release:       26
 Summary:       Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
 License:       ASL 2.0
 URL:           http://tomcat.apache.org/
@@ -502,6 +502,9 @@ fi
 %{_javadocdir}/%{name}
 
 %changelog
+* Mon Apr 25 2022 wangkai <wangkai@h-partners.com - 1:9.0.10-26
+- Refix CVE-2021-41079
+
 * Fri Feb 18 2022 wangkai <wangkai385@huawei.com> - 1:9.0.10-25
 - Fix CVE-2022-23181
 
-- 
Gitee