Fix a performance issue with large boundaries leading to a Denial of Service (CVE-2016-3092)
git-svn-id: https://svn.apache.org/repos/asf/commons/proper/fileupload/trunk@1743480 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/commons/fileupload/MultipartStream.java b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
index 600a44e..0d05b71 100644
--- a/src/main/java/org/apache/commons/fileupload/MultipartStream.java
+++ b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
@@ -325,12 +325,6 @@
if (boundary == null) {
throw new IllegalArgumentException("boundary may not be null");
}
-
- this.input = input;
- this.bufSize = bufSize;
- this.buffer = new byte[bufSize];
- this.notifier = pNotifier;
-
// We prepend CR/LF to the boundary to chop trailing CR/LF from
// body-data tokens.
this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
@@ -338,6 +332,12 @@
throw new IllegalArgumentException(
"The buffer size specified for the MultipartStream is too small");
}
+
+ this.input = input;
+ this.bufSize = Math.max(bufSize, boundaryLength*2);
+ this.buffer = new byte[this.bufSize];
+ this.notifier = pNotifier;
+
this.boundary = new byte[this.boundaryLength];
this.keepRegion = this.boundary.length;