File jakarta-commons-fileupload-CVE-2016-3092-2.patch of Package jakarta-commons-fileupload.28093
Index: commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java
===================================================================
--- commons-fileupload-1.1.1.orig/src/java/org/apache/commons/fileupload/MultipartStream.java
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/MultipartStream.java
@@ -253,24 +253,27 @@ public class MultipartStream {
public MultipartStream(InputStream input,
byte[] boundary,
int bufSize) {
- this.input = input;
- this.bufSize = bufSize;
- this.buffer = new byte[bufSize];
-
- // We prepend CR/LF to the boundary to chop trailng CR/LF from
+ if (boundary == null) {
+ throw new IllegalArgumentException("boundary may not be null");
+ }
+ // We prepend CR/LF to the boundary to chop trailing CR/LF from
// body-data tokens.
this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
if (bufSize < this.boundaryLength + 1) {
throw new IllegalArgumentException(
"The buffer size specified for the MultipartStream is too small");
}
+
+ this.input = input;
+ this.bufSize = Math.max(bufSize, boundaryLength*2);
+ this.buffer = new byte[this.bufSize];
+
this.boundary = new byte[this.boundaryLength];
this.keepRegion = boundary.length + KEEP_REGION_PAD;
System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
BOUNDARY_PREFIX.length);
System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length,
boundary.length);
-
head = 0;
tail = 0;
}
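Review bot: The line `this.bufSize = Math.max(bufSize, boundaryLength*2);` is the actual CVE-2016-3092 mitigation, yet it carries no comment and silently turns the caller's `bufSize` into a lower bound rather than an exact size. I would add above it something like `// Keep the buffer at least twice the boundary length: a buffer only slightly larger than the boundary leaves almost no room for data on each refill (CVE-2016-3092).` Both `IllegalArgumentException` paths are unchecked, and the boundary is presumably taken from the request's Content-Type header, so the caller (not visible in this hunk) should map them to a rejected upload rather than an unhandled error. The constructor's Javadoc also lies outside the hunk; if it does not already, it should mention the null check and state that `bufSize` is a minimum.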