File jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch of Package jakarta-commons-fileupload.28093
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java 2006-06-08 10:14:31.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadBase.java 2014-04-02 15:08:19.683187831 +0200
@@ -15,6 +15,8 @@
 */
 package org.apache.commons.fileupload;
+import static java.lang.String.format;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -158,6 +160,8 @@
 */
 public static final int MAX_HEADER_SIZE = 1024;
+ private MultipartStream multi;
+
 // ----------------------------------------------------------- Data members
@@ -328,7 +332,12 @@
 InputStream input = ctx.getInputStream();
- MultipartStream multi = new MultipartStream(input, boundary);
+ try {
+ multi = new MultipartStream(input, boundary);
+ } catch (IllegalArgumentException iae) {
+ throw new InvalidContentTypeException(
+ format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
+ }
 multi.setHeaderEncoding(charEncoding);
 boolean nextPart = multi.skipPreamble();
@@ -601,6 +610,10 @@
 public InvalidContentTypeException(String message) {
 super(message);
 }
+
+ public InvalidContentTypeException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
 }
diff -urN commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java 2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java 2014-04-02 14:23:47.116940699 +0200
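Review bot: In the `@@ -158,6 +160,8 @@` hunk of FileUploadBase.java, `private MultipartStream multi;` turns what was a method-local variable into per-instance state, and the `@@ -328,7 +332,12 @@` hunk then assigns it on every parse. If one upload handler instance serves concurrent requests (not visible here, but a common way to use this class), two parses can overwrite each other's stream, and the field keeps a reference to the last request's input after parsing ends. Nothing in the visible lines needs the field; declaring `MultipartStream multi;` as a local just before the `try` keeps the new error mapping and restores the old scoping. The enclosing method starts and ends outside the hunk.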
@@ -259,8 +259,12 @@
 // We prepend CR/LF to the boundary to chop trailng CR/LF from
 // body-data tokens.
- this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
 this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+ if (bufSize < this.boundaryLength + 1) {
+ throw new IllegalArgumentException(
+ "The buffer size specified for the MultipartStream is too small");
+ }
+ this.boundary = new byte[this.boundaryLength];
 this.keepRegion = boundary.length + KEEP_REGION_PAD;
 System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0, BOUNDARY_PREFIX.length);
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadException.java 2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadException.java 2014-04-02 15:13:02.806214012 +0200
@@ -15,6 +15,9 @@
 */
 package org.apache.commons.fileupload;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
 /**
 * Exception for errors encountered while processing the request.
 *
@@ -25,9 +28,16 @@
 extends Exception {
 /**
+ * The exceptions cause. We overwrite the cause of
+ * the super class, which isn't available in Java 1.3.
+ */
+ private final Throwable cause;
+
+ /**
+ * Constructs a new <code>FileUploadException</code> without message.
 */
 public FileUploadException() {
+ this(null, null);
 }
 /**
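Review bot: The guard added in the `@@ -259,8 +259,12 @@` hunk of MultipartStream.java makes the constructor throw an `IllegalArgumentException` it did not throw before, and nothing visible documents that or explains the bound `boundaryLength + 1`. I would put a comment above the check, `// The buffer must hold the prefixed boundary plus one byte, or the delimiter can never be found in it (CVE-2014-0050).`, and add an `@throws IllegalArgumentException` line to the constructor Javadoc, which lies outside the hunk. A `null` boundary still fails at `boundary.length` with a `NullPointerException` rather than a descriptive error; whether callers can pass one is not visible here.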
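Review bot: The `cause` field added in the `@@ -25,9 +28,16 @@` hunk of FileUploadException.java shadows the cause slot that `Throwable` already has, and its Javadoc justifies this with Java 1.3 although the same patch uses `@Override` and a static import of `String.format`, both of which need Java 5. With the shadow field, `initCause()` and `getCause()` can disagree, because `initCause()` writes the superclass slot while the overridden `getCause()` in the next hunk reads the field. Passing the cause up with `super(msg, cause);` in the two-argument constructor would make the field unnecessary; if the field stays, the comment should state the actual reason for it.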
@@ -37,6 +47,55 @@
 * @param msg the error message.
 */
 public FileUploadException(final String msg) {
+ this(msg, null);
+ }
+
+ /**
+ * Creates a new <code>FileUploadException</code> with the given
+ * detail message and cause.
+ *
+ * @param msg The exceptions detail message.
+ * @param cause The exceptions cause.
+ */
+ public FileUploadException(String msg, Throwable cause) {
 super(msg);
+ this.cause = cause;
+ }
+
+ /**
+ * Prints this throwable and its backtrace to the specified print stream.
+ *
+ * @param stream <code>PrintStream</code> to use for output
+ */
+ @Override
+ public void printStackTrace(PrintStream stream) {
+ super.printStackTrace(stream);
+ if (cause != null) {
+ stream.println("Caused by:");
+ cause.printStackTrace(stream);
+ }
+ }
+
+ /**
+ * Prints this throwable and its backtrace to the specified
+ * print writer.
+ *
+ * @param writer <code>PrintWriter</code> to use for output
+ */
+ @Override
+ public void printStackTrace(PrintWriter writer) {
+ super.printStackTrace(writer);
+ if (cause != null) {
+ writer.println("Caused by:");
+ cause.printStackTrace(writer);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Throwable getCause() {
+ return cause;
 }
 }
--- commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/MultipartStreamTest.java 2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/test/org/apache/commons/fileupload/MultipartStreamTest.java 2014-04-02 15:15:35.770228156 +0200
@@ -39,7 +39,7 @@
 final String strData = "foobar";
 InputStream input = new ByteArrayInputStream(strData.getBytes());
 byte[] boundary = BOUNDARY_TEXT.getBytes();
- int iBufSize = boundary.length;
+ int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1;
 MultipartStream ms = new MultipartStream( input, boundary,
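Review bot: The two `printStackTrace` overrides in the `@@ -37,6 +47,55 @@` hunk of FileUploadException.java will print the cause twice on any runtime where `Throwable.printStackTrace` already follows `getCause()`, because `getCause()` is overridden in this same hunk to return the field. Every rejected upload would then log its nested trace twice, which inflates logs and makes failed-request triage harder to read. Removing both overrides and keeping only `getCause()` leaves a single `Caused by:` section.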
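Review bot: The `@@ -39,7 +39,7 @@` hunk of MultipartStreamTest.java only enlarges `iBufSize` so the existing test keeps passing; no test pins the new rejection path. A regression test that builds a `MultipartStream` with the old value `boundary.length` and expects `IllegalArgumentException` would stop the size check from being loosened unnoticed later. The enclosing test method continues outside the hunk, and the sketch assumes the class is a JUnit 3 `TestCase` and that the constructor takes the buffer size as its third argument, as the cut-off call suggests.

```java
public void testBufferSmallerThanBoundaryIsRejected() throws Exception {
    InputStream input = new ByteArrayInputStream("foobar".getBytes());
    byte[] boundary = BOUNDARY_TEXT.getBytes();
    try {
        new MultipartStream(input, boundary, boundary.length);
        fail("expected IllegalArgumentException for an undersized buffer");
    } catch (IllegalArgumentException expected) {
        // the constructor refused a buffer that cannot hold the prefixed boundary
    }
}
```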