Author: jochen
Date: Fri Apr 6 19:04:55 2007
New Revision: 526346
URL: http://svn.apache.org/viewvc?view=rev&rev=526346
Log:
A MalformedStreamException is now thrown, if the size of an
items headers exceeds HEADER_PART_SIZE_MAX.
PR: FILEUPLOAD-116
Submitted-by: Amichai Rothman <[EMAIL PROTECTED]>
Modified:
jakarta/commons/proper/fileupload/trunk/src/changes/changes.xml
jakarta/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/MultipartStream.java
Modified: jakarta/commons/proper/fileupload/trunk/src/changes/changes.xml
URL:
http://svn.apache.org/viewvc/jakarta/commons/proper/fileupload/trunk/src/changes/changes.xml?view=diff&rev=526346&r1=526345&r2=526346
==============================================================================
--- jakarta/commons/proper/fileupload/trunk/src/changes/changes.xml (original)
+++ jakarta/commons/proper/fileupload/trunk/src/changes/changes.xml Fri Apr 6
19:04:55 2007
@@ -55,6 +55,11 @@
due-to="Michael Macaluso" due-to-email="[EMAIL PROTECTED]">
Added support for accessing the file item headers.
</action>
+ <action dev="jochen" type="fix" issue="FILEUPLOAD-116"
+ due-to="Amichai Rothman" due-to-email="[EMAIL PROTECTED]">
+ A MalformedStreamException is now thrown, if the size of an items
+ headers exceeds HEADER_PART_SIZE_MAX;
+ </action>
</release>
<release version="1.2" date="2007-02-13">
Modified:
jakarta/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/MultipartStream.java
URL:
http://svn.apache.org/viewvc/jakarta/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/MultipartStream.java?view=diff&rev=526346&r1=526345&r2=526346
==============================================================================
---
jakarta/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/MultipartStream.java
(original)
+++
jakarta/commons/proper/fileupload/trunk/src/java/org/apache/commons/fileupload/MultipartStream.java
Fri Apr 6 19:04:55 2007
@@ -530,26 +530,27 @@
public String readHeaders()
throws MalformedStreamException {
int i = 0;
- byte[] b = new byte[1];
+ byte b;
// to support multi-byte characters
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- int sizeMax = HEADER_PART_SIZE_MAX;
int size = 0;
while (i < HEADER_SEPARATOR.length) {
try {
- b[0] = readByte();
+ b = readByte();
} catch (IOException e) {
throw new MalformedStreamException("Stream ended
unexpectedly");
}
- size++;
- if (b[0] == HEADER_SEPARATOR[i]) {
+ if (++size > HEADER_PART_SIZE_MAX) {
+ throw new MalformedStreamException(
+ "Header section has more than " + HEADER_PART_SIZE_MAX
+ + " bytes (maybe it is not properly terminated)");
+ }
+ if (b == HEADER_SEPARATOR[i]) {
i++;
} else {
i = 0;
}
- if (size <= sizeMax) {
- baos.write(b[0]);
- }
+ baos.write(b);
}
String headers = null;
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
