File jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch of Package jakarta-commons-fileupload.28093

--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java 2006-06-08 10:14:31.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadBase.java     2014-04-02 15:08:19.683187831 +0200
@@ -15,6 +15,8 @@
  */
 package org.apache.commons.fileupload;
 
+import static java.lang.String.format;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -158,6 +160,8 @@
      */
     public static final int MAX_HEADER_SIZE = 1024;
 
+    private MultipartStream multi;
+
 
     // ----------------------------------------------------------- Data members
 
@@ -328,7 +332,12 @@
 
             InputStream input = ctx.getInputStream();
 
-            MultipartStream multi = new MultipartStream(input, boundary);
+            try {
+                multi = new MultipartStream(input, boundary);
+            } catch (IllegalArgumentException iae) {
+                throw new InvalidContentTypeException(
+                        format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
+            }
             multi.setHeaderEncoding(charEncoding);
 
             boolean nextPart = multi.skipPreamble();
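Review bot: The stream is now stored in the instance field `multi` (declared in the hunk at -158) instead of a local, so per-request parser state lives on the `FileUploadBase` object. If one upload handler instance serves concurrent requests, which the visible lines do not settle either way, two parses would overwrite each other's stream; the field also keeps the last request's input stream and buffer reachable after parsing. Nothing visible needs the field: declaring `MultipartStream multi;` as a local just before the `try` keeps the new boundary check and the per-request scope. The catch also labels every `IllegalArgumentException` from the constructor as "boundary is too long", which is accurate only while the buffer-size check is the sole source of that exception. The enclosing method starts and ends outside the hunk.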
@@ -601,6 +610,10 @@
         public InvalidContentTypeException(String message) {
             super(message);
         }
+
+        public InvalidContentTypeException(String msg, Throwable cause) {
+            super(msg, cause);
+        }
     }
 
 
diff -urN commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java        2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java    2014-04-02 14:23:47.116940699 +0200
@@ -259,8 +259,12 @@
 
         // We prepend CR/LF to the boundary to chop trailng CR/LF from
         // body-data tokens.
-        this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
         this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+        if (bufSize < this.boundaryLength + 1) {
+            throw new IllegalArgumentException(
+                    "The buffer size specified for the MultipartStream is too small");
+        }
+        this.boundary = new byte[this.boundaryLength];
         this.keepRegion = boundary.length + KEEP_REGION_PAD;
         System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
                 BOUNDARY_PREFIX.length);
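Review bot: The new guard carries no comment saying why `boundaryLength + 1` is the minimum, and its message omits the two sizes a person triaging a rejected upload would want. I would add above the `if`: `// The buffer must hold the prefixed boundary plus one byte; a longer boundary could never be matched inside it.` The message could end with `+ ": " + bufSize + " < " + (this.boundaryLength + 1)`; both values are plain integers, so nothing sensitive is exposed. The check covers `boundaryLength` only; whether `keepRegion` (`boundary.length + KEEP_REGION_PAD`) can exceed it depends on constants not shown here. The constructor starts and ends outside the hunk.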
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadException.java    2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadException.java        2014-04-02 15:13:02.806214012 +0200
@@ -15,6 +15,9 @@
  */
 package org.apache.commons.fileupload;
 
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
 /**
  * Exception for errors encountered while processing the request.
  *
@@ -25,9 +28,16 @@
     extends Exception {
 
     /**
+     * The exceptions cause. We overwrite the cause of
+     * the super class, which isn't available in Java 1.3.
+     */
+    private final Throwable cause;
+
+    /**
      * Constructs a new <code>FileUploadException</code> without message.
      */
     public FileUploadException() {
+        this(null, null);
     }
 
     /**
@@ -37,6 +47,55 @@
      * @param msg the error message.
      */
     public FileUploadException(final String msg) {
+        this(msg, null);
+    }
+
+    /**
+     * Creates a new <code>FileUploadException</code> with the given
+     * detail message and cause.
+     *
+     * @param msg The exceptions detail message.
+     * @param cause The exceptions cause.
+     */
+    public FileUploadException(String msg, Throwable cause) {
         super(msg);
+        this.cause = cause;
+    }
+
+    /**
+     * Prints this throwable and its backtrace to the specified print stream.
+     *
+     * @param stream <code>PrintStream</code> to use for output
+     */
+    @Override
+    public void printStackTrace(PrintStream stream) {
+        super.printStackTrace(stream);
+        if (cause != null) {
+            stream.println("Caused by:");
+            cause.printStackTrace(stream);
+        }
+    }
+
+    /**
+     * Prints this throwable and its backtrace to the specified
+     * print writer.
+     *
+     * @param writer <code>PrintWriter</code> to use for output
+     */
+    @Override
+    public void printStackTrace(PrintWriter writer) {
+        super.printStackTrace(writer);
+        if (cause != null) {
+            writer.println("Caused by:");
+            cause.printStackTrace(writer);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Throwable getCause() {
+        return cause;
     }
 }
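Review bot: Both `printStackTrace` overrides print the cause a second time on any runtime whose `Throwable.printStackTrace` already follows `getCause()`, because `getCause()` is overridden here to return the private field; each wrapped exception then appears twice in logs. The Java 1.3 reason given for the shadow `cause` field (hunk at -25) does not fit the rest of the patch, which uses `@Override` and `import static` and so needs Java 5 or later. The two-argument constructor could call `super(msg, cause);` and the field plus the three overrides could be dropped. That constructor also omits the `final` that its one-argument sibling puts on `msg`.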
--- commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/MultipartStreamTest.java	2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/test/org/apache/commons/fileupload/MultipartStreamTest.java	2014-04-02 15:15:35.770228156 +0200
@@ -39,7 +39,7 @@
 		final String strData = "foobar";
 		InputStream input = new ByteArrayInputStream(strData.getBytes());
     	byte[] boundary = BOUNDARY_TEXT.getBytes();
-    	int iBufSize = boundary.length;
+    	int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1;
     	MultipartStream ms = new MultipartStream(
     			input,
     			boundary,
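Review bot: No test covers the rejection path added to the `MultipartStream` constructor; this hunk only enlarges `iBufSize` so the existing case keeps constructing. A regression test that passes `boundary.length` as the buffer size and expects `IllegalArgumentException` would pin the fix for the CVE named in the patch file name. The sketch below assumes a JUnit 3 style `fail(...)` is available in this class, which the hunk does not show. The enclosing test method starts and ends outside the hunk.

```java
public void testConstructorRejectsBufferSmallerThanBoundary() {
    InputStream input = new ByteArrayInputStream("foobar".getBytes());
    byte[] boundary = BOUNDARY_TEXT.getBytes();
    try {
        // Too small: leaves no room for the prefix or the extra byte.
        new MultipartStream(input, boundary, boundary.length);
        fail("expected IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // the constructor must refuse a buffer that cannot hold the boundary
    }
}
```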