File jakarta-commons-fileupload-CVE-2016-3092.patch of Package jakarta-commons-fileupload.28093
Index: commons-fileupload-1.1.1/xdocs/changes.xml
===================================================================
--- commons-fileupload-1.1.1.orig/xdocs/changes.xml
+++ commons-fileupload-1.1.1/xdocs/changes.xml
@@ -43,6 +43,8 @@ The <action> type attribute can be add,u
<release version="1.1.1" date="2006-06-08" description="Bugfix release">
+ <action dev="markt" type="add">(SUSE Backport from 1.5) Add a configurable limit (disabled by default) for the number of files to upload per request.</action>
+
<action dev="martinc" type="fix" issue="FILEUPLOAD-20">
Cache disk file item size when it is moved to a new location.
</action>
Index: commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileCountLimitExceededException.java
===================================================================
--- /dev/null
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileCountLimitExceededException.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.commons.fileupload;
+
+/**
+ * This exception is thrown if a request contains more files than the specified
+ * limit.
+ */
+public class FileCountLimitExceededException extends FileUploadException {
+
+ private static final long serialVersionUID = 6904179610227521789L;
+
+ /**
+ * The limit that was exceeded.
+ */
+ private final long limit;
+
+ /**
+ * Creates a new instance.
+ *
+ * @param message The detail message
+ * @param limit The limit that was exceeded
+ */
+ public FileCountLimitExceededException(final String message, final long limit) {
+ super(message);
+ this.limit = limit;
+ }
+
+ /**
+ * Retrieves the limit that was exceeded.
+ *
+ * @return The limit that was exceeded by the request
+ */
+ public long getLimit() {
+ return limit;
+ }
+}
Index: commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java
===================================================================
--- commons-fileupload-1.1.1.orig/src/java/org/apache/commons/fileupload/FileUploadBase.java
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/FileUploadBase.java
@@ -172,6 +172,12 @@ public abstract class FileUploadBase {
*/
private long sizeMax = -1;
+ /**
+ * The maximum permitted number of files that may be uploaded in a single
+ * request. A value of -1 indicates no maximum.
+ */
+ private long fileCountMax = -1;
+
/**
* The content encoding to use when reading part headers.
@@ -181,6 +187,23 @@ public abstract class FileUploadBase {
// ----------------------------------------------------- Property accessors
+ /**
+ * Returns the maximum number of files allowed in a single request.
+ *
+ * @return The maximum number of files allowed in a single request.
+ */
+ public long getFileCountMax() {
+ return fileCountMax;
+ }
+
+ /**
+ * Sets the maximum number of files allowed per request.
+ *
+ * @param fileCountMax The new limit. {@code -1} means no limit.
+ */
+ public void setFileCountMax(final long fileCountMax) {
+ this.fileCountMax = fileCountMax;
+ }
/**
* Returns the factory class used when creating file items.
@@ -352,8 +375,18 @@ public abstract class FileUploadBase {
byte[] subBoundary = getBoundary(subContentType);
multi.setBoundary(subBoundary);
boolean nextSubPart = multi.skipPreamble();
+
+ int numFiles = 0;
+
while (nextSubPart) {
headers = parseHeaders(multi.readHeaders());
+
+ if (numFiles == getFileCountMax())
+ {
+ // The next item will exceed the limit.
+ throw new FileCountLimitExceededException(ATTACHMENT, getFileCountMax());
+ }
+
if (getFileName(headers) != null) {
FileItem item =
createItem(headers, false);