File: CVE-2014-0050.patch

libcommons-fileupload-java 1.2.2-1%2Bdeb7u2
  • area: main
  • in suites: wheezy
  • size: 904 kB
  • sloc: java: 3,582; xml: 2,126; makefile: 5
Description: Fixes an infinite loop caused by invalid MIME boundaries
Author: Mark Thomas <markt@apache.org>, backported by Emmanuel Bourg <ebourg@apache.org>
Origin: backport from Commons FileUpload 1.3.1, http://svn.apache.org/r1565143
--- a/src/java/org/apache/commons/fileupload/FileUploadBase.java
+++ b/src/java/org/apache/commons/fileupload/FileUploadBase.java
@@ -958,7 +958,11 @@
 
             notifier = new MultipartStream.ProgressNotifier(listener,
                     ctx.getContentLength());
-            multi = new MultipartStream(input, boundary, notifier);
+            try {
+                multi = new MultipartStream(input, boundary, notifier);
+            } catch (IllegalArgumentException iae) {
+                throw new InvalidContentTypeException("The boundary specified in the " + CONTENT_TYPE + " header is too long", iae);
+            }
             multi.setHeaderEncoding(charEncoding);
 
             skipPreamble = true;
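Review bot: The new `catch (IllegalArgumentException iae)` reports every IllegalArgumentException from the constructor as "boundary ... too long", and the message gives no size. Only one such throw is visible in this patch (the buffer-size check in MultipartStream); if the constructor can raise the exception for another reason, the text would mislead whoever triages the rejection. I would add the rejected length so that oversized-boundary requests can be recognised in logs, e.g. `"The boundary specified in the " + CONTENT_TYPE + " header is too long (" + boundary.length + " bytes)"`. Keep the boundary bytes themselves out of the message, because they come from the request. The enclosing method starts and ends outside the hunk.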
@@ -1129,7 +1133,7 @@
          * detail message.
          */
         public InvalidContentTypeException() {
-            // Nothing to do.
+            super();
         }
 
         /**
@@ -1141,6 +1145,10 @@
         public InvalidContentTypeException(String message) {
             super(message);
         }
+
+        public InvalidContentTypeException(String msg, Throwable cause) {
+            super(msg, cause);
+        }
     }
 
     /**
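Review bot: The added `InvalidContentTypeException(String msg, Throwable cause)` constructor has no Javadoc, while the two constructors before it in this class carry one. I would add a short Javadoc saying it constructs the exception with the given detail message and cause, with `@param` entries for both arguments. The parameter is also named `msg` where the sibling constructor uses `message`; `String message, Throwable cause` would keep the class consistent.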
--- a/src/java/org/apache/commons/fileupload/MultipartStream.java
+++ b/src/java/org/apache/commons/fileupload/MultipartStream.java
@@ -333,8 +333,11 @@
 
         // We prepend CR/LF to the boundary to chop trailng CR/LF from
         // body-data tokens.
-        this.boundary = new byte[boundary.length + BOUNDARY_PREFIX.length];
         this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+        if (bufSize < this.boundaryLength + 1) {
+            throw new IllegalArgumentException("The buffer size specified for the MultipartStream is too small");
+        }
+        this.boundary = new byte[this.boundaryLength];
         this.keepRegion = this.boundary.length;
         System.arraycopy(BOUNDARY_PREFIX, 0, this.boundary, 0,
                 BOUNDARY_PREFIX.length);
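Review bot: The `bufSize < this.boundaryLength + 1` check makes this public constructor throw an unchecked IllegalArgumentException, and only the FileUploadBase call site in this patch is wrapped. Any other code that builds a MultipartStream directly will now see it, so the constructor Javadoc (outside this hunk) should gain `@throws IllegalArgumentException if bufSize is smaller than the prefixed boundary plus one byte`. A why-comment on the check would help too; judging by the patch description, something like `// the buffer must hold the whole delimiter plus one data byte, or reading cannot make progress`. The message would be easier to act on with the numbers in it, e.g. `"... is too small: " + bufSize + " < " + (this.boundaryLength + 1)`.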
--- a/src/test/org/apache/commons/fileupload/MultipartStreamTest.java
+++ b/src/test/org/apache/commons/fileupload/MultipartStreamTest.java
@@ -36,7 +36,7 @@
 		final byte[] contents = strData.getBytes();
 		InputStream input = new ByteArrayInputStream(contents);
     	byte[] boundary = BOUNDARY_TEXT.getBytes();
-    	int iBufSize = boundary.length;
+        int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length + 1;
     	MultipartStream ms = new MultipartStream(
     			input,
     			boundary,
@@ -44,6 +44,26 @@
     			new MultipartStream.ProgressNotifier(null, contents.length));
     }
 
+    public void testSmallBuffer() throws Exception {
+        try {
+            final String strData = "foobar";
+            final byte[] contents = strData.getBytes();
+            InputStream input = new ByteArrayInputStream(contents);
+            byte[] boundary = BOUNDARY_TEXT.getBytes();
+            int iBufSize = 1;
+
+            MultipartStream ms = new MultipartStream(
+                    input,
+                    boundary,
+                    iBufSize,
+                    new MultipartStream.ProgressNotifier(null, contents.length));
+
+            fail("IllegalArgumentException expected");
+        } catch (IllegalArgumentException e) {
+            // expected
+        }
+    }
+
 	public void testTwoParamConstructor() throws Exception {
 		final String strData = "foobar";
 		final byte[] contents = strData.getBytes();
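Review bot: `testSmallBuffer` only exercises `iBufSize = 1`, which is far from the edge of the new check, so an off-by-one in `bufSize < this.boundaryLength + 1` would go unnoticed. I would add a case with `int iBufSize = boundary.length + MultipartStream.BOUNDARY_PREFIX.length;` that also expects IllegalArgumentException; the size one byte larger is already accepted by the adjusted test above. Nothing in this patch tests the FileUploadBase path, where an over-long boundary in the Content-Type header should surface as InvalidContentTypeException. A regression test there would cover the request-level behaviour the fix is meant to guarantee.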