/[Apache-SVN]

Revision 1565143

Jump to revision:
Author:	markt
Date:	Thu Feb 6 10:14:24 2014 UTC (10 years, 2 months ago)
Changed paths:	4
Log Message:	Fix CVE-2014-0050. Specially crafted input can trigger a DoS if the buffer used by the <code>MultipartStream</code> is not big enough. When constructing <code>MultipartStream</code> enforce the requirements for buffer size by throwing an <code>IllegalArgumentException</code> if the requested buffer size is too small. This prevents the DoS.

Changed paths

Path	Details
commons/proper/fileupload/trunk/src/changes/changes.xml	modified , text changed
commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/FileUploadBase.java	modified , text changed
commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/MultipartStream.java	modified , text changed
commons/proper/fileupload/trunk/src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java	modified , text changed

infrastructure at apache.org	ViewVC Help
Powered by ViewVC 1.1.26