c61ff05b3241cb14d989b67209e57aa71540417a - commons-fileupload

commit	c61ff05b3241cb14d989b67209e57aa71540417a	[log] [tgz]
author	Mark Thomas <markt@apache.org>	Thu Feb 06 10:14:24 2014 +0000
committer	Mark Thomas <markt@apache.org>	Thu Feb 06 10:14:24 2014 +0000
tree	6b925f75f2c3f73319e121f6debc4d74b5e10696
parent	401ba23732e9ae96c3e4797eb624d357cb9ae2d0 [diff]

Fix CVE-2014-0050. Specially crafted input can trigger a DoS if the buffer used by the <code>MultipartStream</code> is not big enough. When constructing <code>MultipartStream</code> enforce the requirements for buffer size by throwing an <code>IllegalArgumentException</code> if the requested buffer size is too small. This prevents the DoS.

git-svn-id: https://svn.apache.org/repos/asf/commons/proper/fileupload/trunk@1565143 13f79535-47bb-0310-9956-ffa450edef68

src/changes/changes.xml[diff]
src/main/java/org/apache/commons/fileupload/FileUploadBase.java[diff]
src/main/java/org/apache/commons/fileupload/MultipartStream.java[diff]
src/test/java/org/apache/commons/fileupload/MultipartStreamTest.java[diff]

4 files changed

tree: 6b925f75f2c3f73319e121f6debc4d74b5e10696

src/
build-gump.xml
build.properties
build.xml
doap_fileupload.rdf
gump.xml
LICENSE.txt
NOTICE.txt
pom.xml
RELEASE-NOTES.txt