From b64d327f3da5a431c34ceba25c6eb9fac03c8bde Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Wed, 27 Apr 2022 10:50:33 +0800
Subject: [PATCH] Refix CVE-2021-41079

(cherry picked from commit 8f55dc4d12184c673c32aeaf2948aaa787bd556d)
---
 CVE-2021-41079.patch | 24 +++++++++++++++++++++---
 tomcat.spec          |  7 +++++--
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/CVE-2021-41079.patch b/CVE-2021-41079.patch
index 20d1b47..219c64b 100644
--- a/CVE-2021-41079.patch
+++ b/CVE-2021-41079.patch
@@ -4,8 +4,9 @@ Date: Wed, 3 Mar 2021 12:00:46 +0000
 Subject: [PATCH] Improve robustness
 
 ---
- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
- 1 file changed, 1 insertion(+)
+ .../apache/tomcat/util/net/openssl/LocalStrings.properties  | 1 +
+ java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java  | 6 ++++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
 
 diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
 index 1919159..1ab5f43 100644
@@ -19,6 +20,23 @@ index 1919159..1ab5f43 100644
  engine.unsupportedProtocol=Protocol [{0}] is not supported
  engine.unverifiedPeer=Peer unverified
  engine.noSession=SSL session ID not available
+diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+index 15c6f56..b837fd6 100644
+--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
++++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+@@ -593,8 +593,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
+                     throw new SSLException(e);
+                 }
+ 
+-                if (bytesRead == 0) {
+-                    break;
++                if (bytesRead <= 0) {
++                    // This should not be possible. pendingApp is positive
++                    // therefore the read should have read at least one byte.
++                    throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
+                 }
+ 
+                 bytesProduced += bytesRead;
 -- 
-2.23.0
+2.27.0
 
diff --git a/tomcat.spec b/tomcat.spec
index f1d67ec..05848c5 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -13,12 +13,12 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       25
+Release:       26
 Summary:       Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
 License:       ASL 2.0
 URL:           http://tomcat.apache.org/
 
-Source0:       https://github.com/apache/tomcat/archive/%{version}.tar.gz 
+Source0:       https://github.com/apache/tomcat/archive/%{version}.tar.gz
 Source1:       %{name}-%{major_version}.%{minor_version}.conf
 Source3:       %{name}-%{major_version}.%{minor_version}.sysconfig
 Source4:       %{name}-%{major_version}.%{minor_version}.wrapper
@@ -502,6 +502,9 @@ fi
 %{_javadocdir}/%{name}
 
 %changelog
+* Mon Apr 25 2022 wangkai <wangkai@h-partners.com - 1:9.0.10-26
+- Refix CVE-2021-41079
+
 * Fri Feb 18 2022 wangkai <wangkai385@huawei.com> - 1:9.0.10-25
 - Fix CVE-2022-23181
 
-- 
Gitee