commit | c61ff05b3241cb14d989b67209e57aa71540417a | [log] [tgz] |
---|---|---|
author | Mark Thomas <markt@apache.org> | Thu Feb 06 10:14:24 2014 +0000 |
committer | Mark Thomas <markt@apache.org> | Thu Feb 06 10:14:24 2014 +0000 |
tree | 6b925f75f2c3f73319e121f6debc4d74b5e10696 | |
parent | 401ba23732e9ae96c3e4797eb624d357cb9ae2d0 [diff] |
Fix CVE-2014-0050. Specially crafted input can trigger a DoS if the buffer used by the <code>MultipartStream</code> is not big enough. When constructing <code>MultipartStream</code> enforce the requirements for buffer size by throwing an <code>IllegalArgumentException</code> if the requested buffer size is too small. This prevents the DoS. git-svn-id: https://svn.apache.org/repos/asf/commons/proper/fileupload/trunk@1565143 13f79535-47bb-0310-9956-ffa450edef68