File jakarta-commons-fileupload-CVE-2013-2186.patch of Package jakarta-commons-fileupload
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.orig 2013-10-27 02:03:49.212940203 +0100
+++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java 2013-10-27 02:06:58.374053039 +0100
@@ -673,6 +673,28 @@
throws IOException, ClassNotFoundException {
// read values
in.defaultReadObject();
+ /* One expected use of serialization is to migrate HTTP sessions
+ * containing a DiskFileItem between JVMs. Particularly if the JVMs are
+ * on different machines It is possible that the repository location is
+ * not valid so validate it.
+ */
+ if (repository != null) {
+ if (repository.isDirectory()) {
+ // Check path for nulls
+ if (repository.getPath().contains("\0")) {
+ throw new IOException(
+ "The repository "+
+ repository.getPath()+
+ " contains a null character");
+ }
+ } else {
+ throw new IOException(
+ "The repository "+
+ repository.getAbsolutePath()+
+ " is not a directory");
+ }
+ }
+
OutputStream output = getOutputStream();
if (cachedContent != null) {