File netty3-CVE-2024-29025.patch of Package netty3
--- a/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java 2016-06-29 14:41:47.000000000 +0200
+++ b/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostMultipartRequestDecoder.java 2024-07-04 12:42:30.682137342 +0200
@@ -53,6 +53,16 @@
private final HttpRequest request;
/**
+ * The maximum number of fields allows by the form
+ */
+ private final int maxFields;
+
+ /**
+ * The maximum number of accumulated bytes when decoding a field
+ */
+ private final int maxBufferedBytes;
+
+ /**
* Default charset to use
*/
private Charset charset;
@@ -147,6 +157,23 @@
*/
public HttpPostMultipartRequestDecoder(HttpDataFactory factory, HttpRequest request,
Charset charset) throws ErrorDataDecoderException {
+ this(factory, request, charset, HttpPostRequestDecoder.DEFAULT_MAX_FIELDS, HttpPostRequestDecoder.DEFAULT_MAX_BUFFERED_BYTES);
+ }
+
+ /**
+ *
+ * @param factory the factory used to create InterfaceHttpData
+ * @param request the request to decode
+ * @param charset the charset to use as default
+ * @param maxFields
+ * the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes
+ * the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException for request or charset or factory
+ * @throws ErrorDataDecoderException if the default charset was wrong when decoding or other errors
+ */
+ public HttpPostMultipartRequestDecoder(HttpDataFactory factory, HttpRequest request,
+ Charset charset, int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
if (factory == null) {
throw new NullPointerException("factory");
}
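Review bot: The Javadoc on this new five-argument constructor says `{@code -1} to disable`, but the checks added later in the patch are `maxFields > 0 && ...` and `maxBufferedBytes > 0 && ...`, so `0` and every negative value also turn the limit off. A caller who passes `0` meaning "allow nothing", or who computes a limit that underflows, silently gets an unbounded decoder. Either word the tags to match the code, e.g. `@param maxFields the maximum number of fields the form can have; any value {@code <= 0} disables the limit`, or reject values below `-1` with an `IllegalArgumentException` next to the existing null checks. The same wording is repeated on the new constructors of HttpPostRequestDecoder and HttpPostStandardRequestDecoder; the constructor body continues outside this hunk.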
@@ -159,6 +186,8 @@
this.request = request;
this.charset = charset;
this.factory = factory;
+ this.maxFields = maxFields;
+ this.maxBufferedBytes = maxBufferedBytes;
// Fill default values
setMultipart(this.request.headers().get(HttpHeaders.Names.CONTENT_TYPE));
if (!this.request.isChunked()) {
@@ -230,6 +259,9 @@
isLastChunk = true;
}
parseBody();
+ if (maxBufferedBytes > 0 && undecodedChunk != null && undecodedChunk.readableBytes() > maxBufferedBytes) {
+ throw new ErrorDataDecoderException();
+ }
}
public boolean hasNext() throws EndOfDataDecoderException {
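Review bot: `throw new ErrorDataDecoderException();` carries no message, so a request rejected for exceeding `maxBufferedBytes` looks the same in logs and error handlers as any malformed body. That makes it hard for an operator to tell a tripped limit from a parsing bug, or to alert on repeated limit hits. Assuming the exception's String constructor is available, something like `throw new ErrorDataDecoderException("undecoded data exceeds maxBufferedBytes=" + maxBufferedBytes);` would fix it. The bare throw also appears in `addHttpData` for `maxFields` and in both matching places in HttpPostStandardRequestDecoder. The enclosing method starts outside this hunk.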
@@ -268,10 +300,13 @@
/**
* Utility function to add a new decoded data
*/
- private void addHttpData(InterfaceHttpData data) {
+ private void addHttpData(InterfaceHttpData data) throws ErrorDataDecoderException {
if (data == null) {
return;
}
+ if (maxFields > 0 && bodyListHttpData.size() >= maxFields) {
+ throw new ErrorDataDecoderException();
+ }
List<InterfaceHttpData> datas = bodyMapHttpData.get(data.getName());
if (datas == null) {
datas = new ArrayList<InterfaceHttpData>(1);
--- a/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostRequestDecoder.java 2016-06-29 14:41:47.000000000 +0200
+++ b/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostRequestDecoder.java 2024-07-04 12:27:23.372964684 +0200
@@ -28,6 +28,11 @@
* This decoder will decode Body and can handle POST BODY (both multipart and standard).
*/
public class HttpPostRequestDecoder implements InterfaceHttpPostRequestDecoder {
+
+ static final int DEFAULT_MAX_FIELDS = 128;
+
+ static final int DEFAULT_MAX_BUFFERED_BYTES = 1024;
+
/**
* Does this request is a Multipart request
*/
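Review bot: `DEFAULT_MAX_FIELDS = 128` and `DEFAULT_MAX_BUFFERED_BYTES = 1024` are added without any comment, yet the pre-existing three-argument constructors now delegate to them, so every current caller gets these limits without opting in. After this patch a form with more than 128 fields, or more than 1024 undecoded bytes left after a chunk is parsed, fails with ErrorDataDecoderException where it previously decoded. Each constant should carry Javadoc stating the unit and that the legacy constructors apply it, e.g. `/** Default cap on decoded form fields; used by constructors that take no explicit limit. */`. Since the constants are package-private, the values should also be repeated in the public constructors' Javadoc so callers can see what they are overriding.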
@@ -58,6 +63,25 @@
/**
*
+ * @param request
+ * the request to decode
+ * @param maxFields
+ * the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes
+ * the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException
+ * for request
+ * @throws ErrorDataDecoderException
+ * if the default charset was wrong when decoding or other
+ * errors
+ */
+ public HttpPostRequestDecoder(HttpRequest request, int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
+ this(new DefaultHttpDataFactory(DefaultHttpDataFactory.MINSIZE), request, HttpConstants.DEFAULT_CHARSET,
+ maxFields, maxBufferedBytes);
+ }
+
+ /**
+ *
* @param factory the factory used to create InterfaceHttpData
* @param request the request to decode
* @param charset the charset to use as default
@@ -66,6 +90,23 @@
*/
public HttpPostRequestDecoder(HttpDataFactory factory, HttpRequest request,
Charset charset) throws ErrorDataDecoderException {
+ this(factory, request, charset, HttpPostRequestDecoder.DEFAULT_MAX_FIELDS,
+ HttpPostRequestDecoder.DEFAULT_MAX_BUFFERED_BYTES);
+ }
+
+ /**
+ *
+ * @param factory the factory used to create InterfaceHttpData
+ * @param request the request to decode
+ * @param charset the charset to use as default
+ * @param maxFields the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes
+ * the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException for request or charset or factory
+ * @throws ErrorDataDecoderException if the default charset was wrong when decoding or other errors
+ */
+ public HttpPostRequestDecoder(HttpDataFactory factory, HttpRequest request, Charset charset,
+ int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
if (factory == null) {
throw new NullPointerException("factory");
}
@@ -77,9 +118,9 @@
}
// Fill default values
if (isMultipart(request)) {
- decoder = new HttpPostMultipartRequestDecoder(factory, request, charset);
+ decoder = new HttpPostMultipartRequestDecoder(factory, request, charset, maxFields, maxBufferedBytes);
} else {
- decoder = new HttpPostStandardRequestDecoder(factory, request, charset);
+ decoder = new HttpPostStandardRequestDecoder(factory, request, charset, maxFields, maxBufferedBytes);
}
}
--- a/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java 2016-06-29 14:41:47.000000000 +0200
+++ b/src/main/java/org/jboss/netty/handler/codec/http/multipart/HttpPostStandardRequestDecoder.java 2024-07-04 12:39:27.134939191 +0200
@@ -57,6 +57,16 @@
private final Charset charset;
/**
+ * The maximum number of fields allows by the form
+ */
+ private final int maxFields;
+
+ /**
+ * The maximum number of accumulated bytes when decoding a field
+ */
+ private final int maxBufferedBytes;
+
+ /**
* Does the last chunk already received
*/
private boolean isLastChunk;
@@ -125,6 +135,21 @@
*/
public HttpPostStandardRequestDecoder(HttpDataFactory factory, HttpRequest request,
Charset charset) throws ErrorDataDecoderException {
+ this(factory, request, charset, HttpPostRequestDecoder.DEFAULT_MAX_FIELDS, HttpPostRequestDecoder.DEFAULT_MAX_BUFFERED_BYTES);
+ }
+
+ /**
+ *
+ * @param factory the factory used to create InterfaceHttpData
+ * @param request the request to decode
+ * @param charset the charset to use as default
+ * @param maxFields the maximum number of fields the form can have, {@code -1} to disable
+ * @param maxBufferedBytes the maximum number of bytes the decoder can buffer when decoding a field, {@code -1} to disable
+ * @throws NullPointerException for request or charset or factory
+ * @throws ErrorDataDecoderException if the default charset was wrong when decoding or other errors
+ */
+ public HttpPostStandardRequestDecoder(HttpDataFactory factory, HttpRequest request,
+ Charset charset, int maxFields, int maxBufferedBytes) throws ErrorDataDecoderException {
if (factory == null) {
throw new NullPointerException("factory");
}
@@ -137,6 +162,8 @@
this.request = request;
this.charset = charset;
this.factory = factory;
+ this.maxFields = maxFields;
+ this.maxBufferedBytes = maxBufferedBytes;
if (!this.request.isChunked()) {
undecodedChunk = this.request.getContent();
isLastChunk = true;
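Review bot: For a non-chunked request this branch takes the whole request content as `undecodedChunk`, while the `maxBufferedBytes` check added by this patch sits only after `parseBody()` in the chunk-accepting method, so it appears not to apply on this path. Only `maxFields` would be enforced here, through `addHttpData`. That may be acceptable because the body is already fully in memory, but the `maxBufferedBytes` Javadoc should state it, e.g. `only enforced while chunks are being offered; a non-chunked request body is not checked against it`. The multipart decoder's constructor has the same `isChunked()` branch; the rest of this constructor is outside the hunk, so confirm against the full file.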
@@ -190,6 +217,9 @@
isLastChunk = true;
}
parseBody();
+ if (maxBufferedBytes > 0 && undecodedChunk != null && undecodedChunk.readableBytes() > maxBufferedBytes) {
+ throw new ErrorDataDecoderException();
+ }
}
public boolean hasNext() throws EndOfDataDecoderException {
@@ -228,10 +258,13 @@
/**
* Utility function to add a new decoded data
*/
- private void addHttpData(InterfaceHttpData data) {
+ private void addHttpData(InterfaceHttpData data) throws ErrorDataDecoderException {
if (data == null) {
return;
}
+ if (maxFields > 0 && bodyListHttpData.size() >= maxFields) {
+ throw new ErrorDataDecoderException();
+ }
List<InterfaceHttpData> datas = bodyMapHttpData.get(data.getName());
if (datas == null) {
datas = new ArrayList<InterfaceHttpData>(1);