rpms/apache-commons-fileupload
Archived
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add backported upstream patch to fix DoS vulnerability

Browse source 
- Resolves: CVE-2014-0050
This commit is contained in:
Mikolaj Izdebski 2014-02-06 18:22:39 +01:00
commit 7f0626d251
2 changed files with 159 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

151
apache-commons-fileupload-CVE-2014-0050.patch Normal file
View file

@ -0,0 +1,151 @@
diff --git a/src/main/java/org/apache/commons/fileupload/FileUploadBase.java b/src/main/java/org/apache/commons/fileupload/FileUploadBase.java
index b693744..c8f5ca1 100644
--- a/src/main/java/org/apache/commons/fileupload/FileUploadBase.java
+++ b/src/main/java/org/apache/commons/fileupload/FileUploadBase.java
@@ -991,7 +991,12 @@ public abstract class FileUploadBase {
}
notifier = new MultipartStream.ProgressNotifier(listener, requestSize);
- multi = new MultipartStream(input, boundary, notifier);
+ try {
+ multi = new MultipartStream(input, boundary, notifier);
+ } catch (IllegalArgumentException iae) {
+ throw new InvalidContentTypeException(
+ format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
+ }
multi.setHeaderEncoding(charEncoding);
skipPreamble = true;
@@ -1183,7 +1188,7 @@ public abstract class FileUploadBase {
* detail message.
*/
public InvalidContentTypeException() {
- // Nothing to do.
+ super();
}
/**
@@ -1196,6 +1201,9 @@ public abstract class FileUploadBase {
super(message);
}
+ public InvalidContentTypeException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
}
/**
diff --git a/src/main/java/org/apache/commons/fileupload/MultipartStream.java b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
index 9088947..0474ef9 100644
--- a/src/main/java/org/apache/commons/fileupload/MultipartStream.java
+++ b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
@@ -268,10 +268,8 @@ public class MultipartStream {
/**
* Creates a new instance.
*
- * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[],
- * org.apache.commons.fileupload.MultipartStream.ProgressNotifier)},
- * or {@link #MultipartStream(InputStream, byte[], int,
- * org.apache.commons.fileupload.MultipartStream.ProgressNotifier)}
+ * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[], int,
+ * ProgressNotifier)}
*/
@Deprecated
public MultipartStream() {
@@ -292,10 +290,8 @@ public class MultipartStream {
* <code>encapsulations</code>.
* @param bufSize The size of the buffer to be used, in bytes.
*
- * @see #MultipartStream(InputStream, byte[],
- * MultipartStream.ProgressNotifier)
* @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[], int,
- * org.apache.commons.fileupload.MultipartStream.ProgressNotifier)}.
+ * ProgressNotifier)}.
*/
@Deprecated
public MultipartStream(InputStream input, byte[] boundary, int bufSize) {
@@ -317,8 +313,7 @@ public class MultipartStream {
* @param pNotifier The notifier, which is used for calling the
* progress listener, if any.
*
- * @see #MultipartStream(InputStream, byte[],
- * MultipartStream.ProgressNotifier)
+ * @throws IllegalArgumentException If the buffer size is too small
*/
MultipartStream(InputStream input,
byte[] boundary,
@@ -331,9 +326,14 @@ public class MultipartStream {
// We prepend CR/LF to the boundary to chop trailing CR/LF from
// body-data tokens.
- this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+ if (bufSize < this.boundaryLength + 1) {
+ throw new IllegalArgumentException(
+ "The buffer size specified for the MultipartStream is too small");
+ }
+ this.boundary = new byte[this.boundaryLength];
this.keepRegion = this.boundary.length;
+
System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
BOUNDARY_PREFIX.length);
System.arraycopy(boundary, 0, this.boundary, BOUNDARY_PREFIX.length,
@@ -352,8 +352,7 @@ public class MultipartStream {
* @param pNotifier An object for calling the progress listener, if any.
*
*
- * @see #MultipartStream(InputStream, byte[], int,
- * MultipartStream.ProgressNotifier)
+ * @see #MultipartStream(InputStream, byte[], int, ProgressNotifier)
*/
MultipartStream(InputStream input,
byte[] boundary,
@@ -368,10 +367,8 @@ public class MultipartStream {
* @param boundary The token used for dividing the stream into
* <code>encapsulations</code>.
*
- * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[],
- * MultipartStream.ProgressNotifier)}.
- * @see #MultipartStream(InputStream, byte[], int,
- * MultipartStream.ProgressNotifier)
+ * @deprecated 1.2.1 Use {@link #MultipartStream(InputStream, byte[], int,
+ * ProgressNotifier)}.
*/
@Deprecated
public MultipartStream(InputStream input,
diff --git a/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java b/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java
index 7148d81..80871f4 100644
--- a/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java
+++ b/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java
@@ -38,7 +38,8 @@ public class MultipartStreamTest {
final byte[] contents = strData.getBytes();
InputStream input = new ByteArrayInputStream(contents);
byte[] boundary = BOUNDARY_TEXT.getBytes();
- int iBufSize = boundary.length;
+ int iBufSize =
+ boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1;
MultipartStream ms = new MultipartStream(
input,
boundary,
@@ -47,6 +48,21 @@ public class MultipartStreamTest {
assertNotNull(ms);
}
+ @Test(expected=IllegalArgumentException.class)
+ public void testSmallBuffer() throws Exception {
+ final String strData = "foobar";
+ final byte[] contents = strData.getBytes();
+ InputStream input = new ByteArrayInputStream(contents);
+ byte[] boundary = BOUNDARY_TEXT.getBytes();
+ int iBufSize = 1;
+ @SuppressWarnings("unused")
+ MultipartStream ms = new MultipartStream(
+ input,
+ boundary,
+ iBufSize,
+ new MultipartStream.ProgressNotifier(null, contents.length));
+ }
+
@Test
public void testTwoParamConstructor() throws Exception {
final String strData = "foobar";

9
apache-commons-fileupload.spec
View file

@ -3,7 +3,7 @@
Name: apache-%{short_name}
Version: 1.3
Release: 4%{?dist}
Release: 5%{?dist}
Summary: This package provides an api to work with html file upload
License: ASL 2.0
Group: Development/Libraries
@ -11,6 +11,8 @@ URL: http://commons.apache.org/%{base_name}/
Source0: http://www.apache.org/dist/commons/%{base_name}/source/%{short_name}-%{version}-src.tar.gz
BuildArch: noarch
# Backported from upstream revision 1565143
Patch0: %{name}-CVE-2014-0050.patch
Patch1: %{name}-portlet20.patch
BuildRequires: java-devel >= 1:1.6.0
@ -63,6 +65,7 @@ This package contains the API documentation for %{name}.
%prep
%setup -q -n %{short_name}-%{version}-src
%patch0 -p1
sed -i 's/\r//' LICENSE.txt
sed -i 's/\r//' NOTICE.txt
@ -123,6 +126,10 @@ rm -rf $(readlink -f %{_javadocdir}/%{name}) %{_javadocdir}/%{name} || :
# -----------------------------------------------------------------------------
%changelog
* Thu Feb 6 2014 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.3-5
- Add backported upstream patch to fix DoS vulnerability
- Resolves: CVE-2014-0050
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild