File jakarta-commons-fileupload-CVE-2013-2186.patch of Package jakarta-commons-fileupload.28093
Index: src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
===================================================================
--- src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.orig
+++ src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
@@ -674,6 +674,26 @@ public class DiskFileItem
// read values
in.defaultReadObject();
+ /* One expected use of serialization is to migrate HTTP sessions
+ * containing a DiskFileItem between JVMs. Particularly if the JVMs are
+ * on different machines It is possible that the repository location is
+ * not valid so validate it.
+ */
+ if (repository != null) {
+ if (repository.isDirectory()) {
+ // Check path for nulls
+ if (repository.getPath().contains("\0")) {
+ throw new IOException(java.lang.String.format(
+ "The repository [%s] contains a null character",
+ repository.getPath()));
+ }
+ } else {
+ throw new IOException(java.lang.String.format(
+ "The repository [%s] is not a directory",
+ repository.getAbsolutePath()));
+ }
+ }
+
OutputStream output = getOutputStream();
if (cachedContent != null) {
output.write(cachedContent);
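Review bot: The validation added after `in.defaultReadObject()` inspects only `repository`, so `readObject` still creates and writes a file under that directory through `getOutputStream()` on every deserialization, and the `else` branch following `output.write(cachedContent)` (outside the hunk) is where any other deserialized path-bearing field would be used with no equivalent check; the patch narrows the null-byte vector rather than making deserialization of an untrusted DiskFileItem safe, which the comment should say, e.g. `// Only the repository path is validated here; a DiskFileItem must still be deserialized only from a trusted session store.` The two messages also disagree, one reporting `getPath()` and the other `getAbsolutePath()`; using `getAbsolutePath()` in both makes the reported location unambiguous. Testing `repository.getPath().contains("\0")` before `isDirectory()` would make the reported reason accurate regardless of whether a given JDK's `File.isDirectory()` already rejects a path containing a NUL. Stylistically, this hunk fully qualifies `java.lang.String.format` while the DiskFileUpload.java hunk below adds `import static java.lang.String.format;`, and the comment's `different machines It is possible` wants a comma and a lowercase `it`. readObject starts before and ends after this hunk.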
Index: src/java/org/apache/commons/fileupload/DiskFileUpload.java
===================================================================
--- src/java/org/apache/commons/fileupload/DiskFileUpload.java.orig
+++ src/java/org/apache/commons/fileupload/DiskFileUpload.java
@@ -19,6 +19,8 @@ import java.io.File;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
+import static java.lang.String.format;
+
/**
* <p>High level API for processing file uploads.</p>
*