Hello commons-user,
I have a question about file-upload, tomcat and security trouble.
So, my situations are:
I.
tomcat 5.5.15 with security policy
commons-fileupload-1.0.jar
simple webapp (upload.html + FileUploadServlet(see below))
II.
tomcat 5.5.15 with security policy
commons-fileupload-1.1.jar
simple webapp (upload.html + FileUploadServlet)
In the first case there are no security problems. If the webapp has no access
to the tmp directory, java.security.AccessControlException appears. This
behavior is expected.
In the second case, when using file-upload-1.1 and the webapp has no access to
the tmp directory, AccessControlException does not appear and the upload
process completes successfully. I think this is a very big hole.
My questions are:
1) Is this a bug or my mistake?
2) Perhaps, is this a tomcat problem?
Thx.
Corobitsyn Roman
================================================
upload form is:
<html>
  <body>
    <form method="POST" enctype="multipart/form-data" action="/servlet/upload">
      <input type="file" name="file">
      <input type="submit">
    </form>
  </body>
</html>
================================================
and FileUploadServlet is
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.fileupload.*;

public class FileUploadServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // Temporary files go to <webapp root>/tmp; this is the directory the
        // security policy denies in the test described above.
        DiskFileUpload upload = new DiskFileUpload();
        ServletContext context = getServletContext();
        String path = context.getRealPath("/");
        path += "/tmp";
        upload.setRepositoryPath(path);

        response.setContentType("text/html; charset=windows-1251");
        PrintWriter out = response.getWriter();
        try {
            // Parse the multipart body; every part becomes a FileItem.
            List /* FileItem */ items = upload.parseRequest(request);
            for (int i = 0, n = items.size(); i < n; i++) {
                final FileItem fileItem = (FileItem) items.get(i);
                // Echo the part's content as a string followed by its description.
                out.println(fileItem.getString() + " " + items.get(i));
            }
        } catch (FileUploadException e) {
            // Do not swallow parse failures silently: log and report them.
            e.printStackTrace();
            out.println("Upload failed: " + e.getMessage());
        } finally {
            out.close();
        }
    }
}
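One way to make the sandbox decision independent of whether the library happens to touch the disk for a particular upload (added example, not code from the original post or from commons-fileupload): ask the SecurityManager for the repository directory's FilePermission explicitly before calling parseRequest(). The class name, the "read,write,delete" action set and the idea that small parts may be buffered in memory rather than written to the repository are assumptions of this example.

```java
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;

/*
 * Added example, not part of the original post. Asks the installed
 * SecurityManager whether this webapp may create, write and delete files
 * under the upload repository, using the same FilePermission check that
 * a FileOutputStream on that directory would trigger. Doing this up front
 * means the policy is enforced even for uploads that the library may keep
 * in memory and never write to disk (assumption about library behaviour).
 */
public final class RepositoryPolicyCheck {

    private RepositoryPolicyCheck() {}

    /** Returns true if the caller's protection domain may use dir. */
    public static boolean canUseRepository(File dir) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // no sandbox active, nothing to enforce
        }
        try {
            // "<dir>/-" names the directory and everything below it
            String target = dir.getAbsolutePath() + File.separator + "-";
            sm.checkPermission(new FilePermission(target, "read,write,delete"));
            return true;
        } catch (SecurityException e) { // AccessControlException is a subclass
            return false;
        }
    }

    /** Call from doPost() before upload.parseRequest(request). */
    public static void requireRepository(File dir) throws IOException {
        if (!canUseRepository(dir)) {
            throw new IOException("security policy denies upload repository " + dir);
        }
    }
}
```

The matching grant in catalina.policy for a webapp that is allowed to upload is a FilePermission on the same "<dir>/-" target with the same "read,write,delete" actions; a webapp without that grant now fails on requireRepository() regardless of upload size.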