File jakarta-commons-fileupload-CVE-2016-1000031.patch of Package jakarta-commons-fileupload
Index: commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
===================================================================
--- commons-fileupload-1.1.1.orig/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
@@ -147,11 +147,6 @@ public class DiskFileItem
 */
 private transient DeferredFileOutputStream dfos;
- /**
- * File to allow for serialization of the content of this item.
- */
- private File dfosFile;
-
 // ----------------------------------------------------------- Constructors
@@ -637,76 +632,4 @@ public class DiskFileItem
 + this.getFieldName();
 }
-
- // -------------------------------------------------- Serialization methods
-
-
- /**
- * Writes the state of this object during serialization.
- *
- * @param out The stream to which the state should be written.
- *
- * @throws IOException if an error occurs.
- */
- private void writeObject(ObjectOutputStream out) throws IOException {
- // Read the data
- if (dfos.isInMemory()) {
- cachedContent = get();
- } else {
- cachedContent = null;
- dfosFile = dfos.getFile();
- }
-
- // write out values
- out.defaultWriteObject();
- }
-
- /**
- * Reads the state of this object during deserialization.
- *
- * @param in The stream from which the state should be read.
- *
- * @throws IOException if an error occurs.
- * @throws ClassNotFoundException if class cannot be found.
- */
- private void readObject(ObjectInputStream in)
- throws IOException, ClassNotFoundException {
- // read values
- in.defaultReadObject();
-
- /* One expected use of serialization is to migrate HTTP sessions
- * containing a DiskFileItem between JVMs. Particularly if the JVMs are
- * on different machines It is possible that the repository location is
- * not valid so validate it.
- */
- if (repository != null) {
- if (repository.isDirectory()) {
- // Check path for nulls
- if (repository.getPath().contains("\0")) {
- throw new IOException(java.lang.String.format(
- "The repository [%s] contains a null character",
- repository.getPath()));
- }
- } else {
- throw new IOException(java.lang.String.format(
- "The repository [%s] is not a directory",
- repository.getAbsolutePath()));
- }
- }
-
- OutputStream output = getOutputStream();
- if (cachedContent != null) {
- output.write(cachedContent);
- } else {
- FileInputStream input = new FileInputStream(dfosFile);
-
- IOUtils.copy(input, output);
- dfosFile.delete();
- dfosFile = null;
- }
- output.close();
-
- cachedContent = null;
- }
-
 }
Index: commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/DiskFileItemSerializeTest.java
===================================================================
--- commons-fileupload-1.1.1.orig/src/test/org/apache/commons/fileupload/DiskFileItemSerializeTest.java
+++ commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/DiskFileItemSerializeTest.java
@@ -77,25 +77,7 @@ public class DiskFileItemSerializeTest e
 assertEquals("Initial: size", item.getSize(), testFieldValueBytes.length);
 compareBytes("Initial", item.get(), testFieldValueBytes);
- // Serialize & Deserialize
- try
- {
- FileItem newItem = (FileItem)serializeDeserialize(item);
-
- // Test deserialized content is as expected
- assertTrue("Check in memory", newItem.isInMemory());
- compareBytes("Check", testFieldValueBytes, newItem.get());
-
- // Compare FileItem's (except byte[])
- compareFileItems(item, newItem);
-
- }
- catch(Exception e)
- {
- fail("Error Serializing/Deserializing: " + e);
- }
-
-
+ item.delete();
 }
 /**
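Review bot: With the round-trip assertions removed, the test methods in `DiskFileItemSerializeTest` now only build an item, compare its bytes and call `item.delete()`, so nothing in the suite pins the behaviour this patch is meant to enforce. A negative test would guard against `Serializable` being re-added later: pass the item to `new ObjectOutputStream(new ByteArrayOutputStream()).writeObject(item)` and expect `java.io.NotSerializableException` (assuming `DiskFileItem` does not declare `Serializable` itself, which this patch does not show). The same gap applies to the hunks at -112 and -147 in this file. The test method signatures lie outside the hunks, so their names and Javadoc, which presumably still describe serialization, should be checked as well.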
@@ -112,24 +94,7 @@ public class DiskFileItemSerializeTest e
 assertEquals("Initial: size", item.getSize(), testFieldValueBytes.length);
 compareBytes("Initial", item.get(), testFieldValueBytes);
-
- // Serialize & Deserialize
- try
- {
- FileItem newItem = (FileItem)serializeDeserialize(item);
-
- // Test deserialized content is as expected
- assertTrue("Check in memory", newItem.isInMemory());
- compareBytes("Check", testFieldValueBytes, newItem.get());
-
- // Compare FileItem's (except byte[])
- compareFileItems(item, newItem);
-
- }
- catch(Exception e)
- {
- fail("Error Serializing/Deserializing: " + e);
- }
+ item.delete();
 }
 /**
@@ -147,34 +112,7 @@ public class DiskFileItemSerializeTest e
 assertEquals("Initial: size", item.getSize(), testFieldValueBytes.length);
 compareBytes("Initial", item.get(), testFieldValueBytes);
- // Serialize & Deserialize
- try
- {
- FileItem newItem = (FileItem)serializeDeserialize(item);
-
- // Test deserialized content is as expected
- assertFalse("Check in memory", newItem.isInMemory());
- compareBytes("Check", testFieldValueBytes, newItem.get());
-
- // Compare FileItem's (except byte[])
- compareFileItems(item, newItem);
-
- }
- catch(Exception e)
- {
- fail("Error Serializing/Deserializing: " + e);
- }
- }
-
- /**
- * Compare FileItem's (except the byte[] content)
- */
- private void compareFileItems(FileItem origItem, FileItem newItem) {
- assertTrue("Compare: is in Memory", origItem.isInMemory() == newItem.isInMemory());
- assertTrue("Compare: is Form Field", origItem.isFormField() == newItem.isFormField());
- assertEquals("Compare: Field Name", origItem.getFieldName(), newItem.getFieldName());
- assertEquals("Compare: Content Type", origItem.getContentType(), newItem.getContentType());
- assertEquals("Compare: File Name", origItem.getName(), newItem.getName());
+ item.delete();
 }
 /**
@@ -237,35 +175,4 @@ public class DiskFileItemSerializeTest e
 }
- /**
- * Do serialization and deserialization.
- */
- private Object serializeDeserialize(Object target) {
-
- // Serialize the test object
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- try {
- ObjectOutputStream oos = new ObjectOutputStream(baos);
- oos.writeObject(target);
- oos.flush();
- oos.close();
- } catch (Exception e) {
- fail("Exception during serialization: " + e);
- }
-
- // Deserialize the test object
- Object result = null;
- try {
- ByteArrayInputStream bais =
- new ByteArrayInputStream(baos.toByteArray());
- ObjectInputStream ois = new ObjectInputStream(bais);
- result = ois.readObject();
- bais.close();
- } catch (Exception e) {
- fail("Exception during deserialization: " + e);
- }
- return result;
-
- }
-
 }
Index: commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileItem.java
===================================================================
--- commons-fileupload-1.1.1.orig/src/java/org/apache/commons/fileupload/FileItem.java
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileItem.java
@@ -19,7 +19,6 @@ import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.io.Serializable;
 import java.io.UnsupportedEncodingException;
 /**
@@ -49,8 +48,7 @@ import java.io.UnsupportedEncodingExcept
 *
 * @version $Id: FileItem.java 349366 2005-11-28 04:44:57Z martinc $
 */
-public interface FileItem
- extends Serializable {
+public interface FileItem {
 // ------------------------------- Methods from javax.activation.DataSource
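Review bot: Removing `extends Serializable` from `FileItem` at the interface declaration changes the contract for every implementor and caller, and the Javadoc above the declaration does not say so. Code that keeps upload items in a replicated or persisted HTTP session will now fail at run time rather than at compile time, so a line such as `* <p>Implementations are deliberately not serializable (CVE-2016-1000031).</p>` in the interface comment would help. It is also worth confirming that `DiskFileItem` does not separately list `java.io.Serializable` in its `implements` clause: the class header is outside this patch, and with `readObject` removed such a class would fall back to default deserialization. The `transient` modifier left on `dfos` in `DiskFileItem` no longer has an effect if the class is not serializable and could be dropped for clarity.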