File jakarta-commons-fileupload-CVE-2014-0050-DOS-buffer-overflow.patch of Package jakarta-commons-fileupload.28093
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java 2006-06-08 10:14:31.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadBase.java 2014-04-02 15:08:19.683187831 +0200
@@ -15,6 +15,8 @@
*/
package org.apache.commons.fileupload;
+import static java.lang.String.format;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -158,6 +160,8 @@
*/
public static final int MAX_HEADER_SIZE = 1024;
+ private MultipartStream multi;
+
// ----------------------------------------------------------- Data members
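Review bot: `private MultipartStream multi;` turns what was a method-local parser into instance state on FileUploadBase, and the hunk at -328 then assigns it on every parse. If one upload handler instance serves concurrent requests (common for servlet code, though not shown here), two requests can overwrite each other's stream between the assignment and `multi.skipPreamble()`, and the last stream stays referenced after the request ends. The try/catch does not need a field: declare `final MultipartStream multi;` immediately before the `try {` and drop this field. The enclosing method lies outside both hunks, so confirm nothing else reads the field.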
@@ -328,7 +332,12 @@
InputStream input = ctx.getInputStream();
- MultipartStream multi = new MultipartStream(input, boundary);
+ try {
+ multi = new MultipartStream(input, boundary);
+ } catch (IllegalArgumentException iae) {
+ throw new InvalidContentTypeException(
+ format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
+ }
multi.setHeaderEncoding(charEncoding);
boolean nextPart = multi.skipPreamble();
@@ -601,6 +610,10 @@
public InvalidContentTypeException(String message) {
super(message);
}
+
+ public InvalidContentTypeException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
}
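Review bot: The added `InvalidContentTypeException(String msg, Throwable cause)` constructor has no Javadoc and names its first parameter `msg`, while the constructor just above it uses `message`. A short Javadoc saying that it creates the exception with a detail message and the underlying cause, with `@param` entries for both, would match the documented `FileUploadException(String, Throwable)` added later in this patch. Renaming the parameter to `message` keeps the two constructors parallel. The class declaration begins outside the hunk.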
diff -urN commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java 2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/MultipartStream.java 2014-04-02 14:23:47.116940699 +0200
@@ -259,8 +259,12 @@
// We prepend CR/LF to the boundary to chop trailng CR/LF from
// body-data tokens.
- this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+ if (bufSize < this.boundaryLength + 1) {
+ throw new IllegalArgumentException(
+ "The buffer size specified for the MultipartStream is too small");
+ }
+ this.boundary = new byte[this.boundaryLength];
this.keepRegion = boundary.length + KEEP_REGION_PAD;
System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
BOUNDARY_PREFIX.length);
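Review bot: The new `bufSize < this.boundaryLength + 1` guard carries no comment saying why it exists, and its message omits the two numbers an operator needs when it fires. A boundary that cannot fit in the buffer is the condition this patch (named for CVE-2014-0050) rejects, so a line such as `// Reject a boundary that cannot fit in the buffer; see CVE-2014-0050.` above the `if` would keep the check from being removed as redundant later. Consider also `"The buffer size specified for the MultipartStream is too small: " + bufSize + " < " + (this.boundaryLength + 1)`. The constructor starts and ends outside the hunk, so whether the buffer is allocated before or after this check is not visible here.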
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadException.java 2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/java/org/apache/commons/fileupload/FileUploadException.java 2014-04-02 15:13:02.806214012 +0200
@@ -15,6 +15,9 @@
*/
package org.apache.commons.fileupload;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
/**
* Exception for errors encountered while processing the request.
*
@@ -25,9 +28,16 @@
extends Exception {
/**
+ * The exceptions cause. We overwrite the cause of
+ * the super class, which isn't available in Java 1.3.
+ */
+ private final Throwable cause;
+
+ /**
* Constructs a new <code>FileUploadException</code> without message.
*/
public FileUploadException() {
+ this(null, null);
}
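Review bot: The private `cause` field duplicates the cause that `Throwable` itself has stored since Java 1.4, and combined with the overrides in the next hunk (-37) it makes stack traces misleading. `Throwable.printStackTrace` already follows `getCause()`, which the patch overrides to return this field, so `super.printStackTrace(stream)` prints the cause and the added `"Caused by:"` block prints it a second time; `initCause()` would also set a value that `getCause()` never returns. The Javadoc cites Java 1.3, yet the patch uses `@Override` and a static import, which need Java 5. If 1.3 is not a real target, `super(msg, cause);` in the two-argument constructor replaces the field and all three overrides.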
/**
@@ -37,6 +47,55 @@
* @param msg the error message.
*/
public FileUploadException(final String msg) {
+ this(msg, null);
+ }
+
+ /**
+ * Creates a new <code>FileUploadException</code> with the given
+ * detail message and cause.
+ *
+ * @param msg The exceptions detail message.
+ * @param cause The exceptions cause.
+ */
+ public FileUploadException(String msg, Throwable cause) {
super(msg);
+ this.cause = cause;
+ }
+
+ /**
+ * Prints this throwable and its backtrace to the specified print stream.
+ *
+ * @param stream <code>PrintStream</code> to use for output
+ */
+ @Override
+ public void printStackTrace(PrintStream stream) {
+ super.printStackTrace(stream);
+ if (cause != null) {
+ stream.println("Caused by:");
+ cause.printStackTrace(stream);
+ }
+ }
+
+ /**
+ * Prints this throwable and its backtrace to the specified
+ * print writer.
+ *
+ * @param writer <code>PrintWriter</code> to use for output
+ */
+ @Override
+ public void printStackTrace(PrintWriter writer) {
+ super.printStackTrace(writer);
+ if (cause != null) {
+ writer.println("Caused by:");
+ cause.printStackTrace(writer);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Throwable getCause() {
+ return cause;
}
}
--- commons-fileupload-1.1.1/src/test/org/apache/commons/fileupload/MultipartStreamTest.java 2006-06-08 10:14:30.000000000 +0200
+++ commons-fileupload-1.1.1.new/src/test/org/apache/commons/fileupload/MultipartStreamTest.java 2014-04-02 15:15:35.770228156 +0200
@@ -39,7 +39,7 @@
final String strData = "foobar";
InputStream input = new ByteArrayInputStream(strData.getBytes());
byte[] boundary = BOUNDARY_TEXT.getBytes();
- int iBufSize = boundary.length;
+ int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1;
MultipartStream ms = new MultipartStream(
input,
boundary,
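Review bot: The only test change visible here enlarges `iBufSize` so the existing case keeps passing; nothing exercises the new rejection path. A companion test that builds a `MultipartStream` with `iBufSize = boundary.length` and expects `IllegalArgumentException` would pin the guard added in MultipartStream.java. A second test that passes an over-long boundary through FileUploadBase and expects `InvalidContentTypeException` would pin the translation. The test method begins and ends outside the hunk, and other test hunks may exist beyond this view.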