/[Apache-SVN]
ViewVC logotype

Revision 1565143


Jump to revision: Previous Next
Author: markt
Date: Thu Feb 6 10:14:24 2014 UTC (10 years, 10 months ago)
Changed paths: 4
Log Message:
Fix CVE-2014-0050. Specially crafted input can trigger a DoS if the buffer used by the <code>MultipartStream</code> is not big enough. When constructing <code>MultipartStream</code> enforce the requirements for buffer size by throwing an <code>IllegalArgumentException</code> if the requested buffer size is too small. This prevents the DoS.

Changed paths

Path Details
Directorycommons/proper/fileupload/trunk/src/changes/changes.xml modified , text changed
Directorycommons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/FileUploadBase.java modified , text changed
Directorycommons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/MultipartStream.java modified , text changed
Directorycommons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26