File jakarta-commons-fileupload-CVE-2013-2186.patch of Package jakarta-commons-fileupload

--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.orig	2013-10-27 02:03:49.212940203 +0100
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java	2013-10-27 02:06:58.374053039 +0100
@@ -673,6 +673,28 @@
             throws IOException, ClassNotFoundException {
         // read values
         in.defaultReadObject();
+        /* One expected use of serialization is to migrate HTTP sessions
+         * containing a DiskFileItem between JVMs. Particularly if the JVMs are
+         * on different machines It is possible that the repository location is
+         * not valid so validate it.
+         */
+        if (repository != null) {
+            if (repository.isDirectory()) {
+                // Check path for nulls
+                if (repository.getPath().contains("\0")) {
+                    throw new IOException(
+                            "The repository "+ 
+                            repository.getPath()+
+                            " contains a null character");
+                }
+            } else {
+                throw new IOException(
+                        "The repository "+
+                        repository.getAbsolutePath()+
+                        " is not a directory");
+            }
+        }
+
 
         OutputStream output = getOutputStream();
         if (cachedContent != null) {
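Review bot: The NUL-byte check on the added `repository.getPath().contains("\0")` line is only reached when `repository.isDirectory()` has already returned true, so on JVMs where `File.isDirectory()` rejects paths with embedded NUL characters a path of that kind is reported as "is not a directory" and the dedicated NUL diagnostic is never produced; the order of the two tests should presumably be reversed so the cheap string check runs first, e.g. `if (repository.getPath().contains("\0")) { throw new IOException(...); }` followed by `if (!repository.isDirectory()) { throw new IOException(...); }`. Both exception messages echo the deserialized path verbatim, which is attacker-influenced data from the stream, so anything that logs these messages should be aware that the content is untrusted. Note also that "is a directory" does not constrain where that directory is, only that it exists; if the intent is to confine writes to the configured upload area, a comment stating that limitation (or a comparison against the expected repository) would help the next maintainer. The enclosing `readObject` method starts before this hunk and continues past it into the `getOutputStream()` call.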