openSUSE:Evergreen:11.2:Test
File jakarta-commons-fileupload-CVE-2013-2186.patch of Package jakarta-commons-fileupload
--- commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java.orig 2013-10-27 02:03:49.212940203 +0100 +++ commons-fileupload-1.1.1/src/java/org/apache/commons/fileupload/disk/DiskFileItem.java 2013-10-27 02:06:58.374053039 +0100 @@ -673,6 +673,28 @@ throws IOException, ClassNotFoundException { // read values in.defaultReadObject(); + /* One expected use of serialization is to migrate HTTP sessions + * containing a DiskFileItem between JVMs. Particularly if the JVMs are + * on different machines It is possible that the repository location is + * not valid so validate it. + */ + if (repository != null) { + if (repository.isDirectory()) { + // Check path for nulls + if (repository.getPath().contains("\0")) { + throw new IOException( + "The repository "+ + repository.getPath()+ + " contains a null character"); + } + } else { + throw new IOException( + "The repository "+ + repository.getAbsolutePath()+ + " is not a directory"); + } + } + OutputStream output = getOutputStream(); if (cachedContent != null) {
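Review bot: In the block added to readObject(), the test `repository.getPath().contains("\0")` sits inside the `if (repository.isDirectory())` branch, so the filesystem is queried with the deserialized path before that path is checked for an embedded null character. Suggest doing the null-character check first, so a path that fails it never reaches a filesystem call. Two smaller points: both IOException messages echo the deserialized path back (the first one including the null character), which can end up in logs, so consider omitting or escaping it; and the only conditions are "is a directory" and "no null character", so any existing directory is accepted as the repository for the `getOutputStream()` call that follows. If the deployment has a known upload repository, comparing against it here would be tighter. The comment also runs two sentences together at "machines It is".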