This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new 766ee28bbb Fixed: Endless loop in SecuredUpload::inflate (OFBIZ-13341)
766ee28bbb is described below
commit 766ee28bbb352e308a2d0d494199271979f4ae36
Author: Jacques Le Roux <[email protected]>
AuthorDate: Fri Jan 16 08:57:23 2026 +0100
Fixed: Endless loop in SecuredUpload::inflate (OFBIZ-13341)
This was reported by Carsten Heinrigs <[email protected]> who has not yet a
Jira
account:
<<After submitting an image file (PNG) (see attachment), no response came.
Also found no log message. So I looked for the code, where it hang.
Found it in SecuredUpload::inflate>>
It's related to OFBIZ-13292. Carsten proposed a solution that I have
simplified.
Thanks: Carsten Heinrigs
Conflict handled by hand
---
.../src/main/java/org/apache/ofbiz/security/SecuredUpload.java | 3 +++
1 file changed, 3 insertions(+)
diff --git
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index d2ced1fcee..cd660d60b1 100644
---
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -579,6 +579,9 @@ public class SecuredUpload {
} else if (inflater.needsDictionary()) { // Dictionary to
be loaded
inflater.setDictionary(result);
inflater.getAdler();
+ } else { // nothing to inflate, avoid endless loop
+ inflater.end();
+ return true;
}
}
}
