authorJan Bartel2013-08-05 07:18:44 +0000
committerJan Bartel2013-08-05 07:18:44 +0000
commitf3f2bce36c2c4588b3421bb81f64fe082cccbde6 (patch)
tree7f83b93f99fdb63c0800ab7b972a0e05d64ba085
parentf5fb412eba20f77d1cface3719b5e48e2f5b2d9f (diff)
414393 StringIndexOutofBoundsException with > 8k multipart content without CR or LF
-rw-r--r--jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java9
-rw-r--r--jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java34
-rw-r--r--jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java4
3 files changed, 45 insertions, 2 deletions
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java
index eb826d1142..fbf1887fe7 100644
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java
@@ -151,6 +151,7 @@ public class MultiPartFilter implements Filter
params.add(entry.getKey(),value);
}
+ boolean badFormatLogged = false;
try
{
// Get first boundary
@@ -160,7 +161,7 @@ public class MultiPartFilter implements Filter
throw new IOException("Missing content for multipart request");
line = line.trim();
- boolean badFormatLogged = false;
+
while (line != null && !line.equals(boundary))
{
if (!badFormatLogged)
@@ -402,6 +403,12 @@ public class MultiPartFilter implements Filter
// handle request
chain.doFilter(new Wrapper(srequest,params),response);
}
+ catch (IOException e)
+ {
+ if (!badFormatLogged)
+ LOG.warn("Badly formatted multipart request");
+ throw e;
+ }
finally
{
deleteFiles(request);
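Review bot: The added `catch (IOException e)` also covers `chain.doFilter(new Wrapper(srequest,params),response)`, which sits inside the same try, so an IOException thrown by a downstream filter or servlet is logged as "Badly formatted multipart request" even though parsing had already succeeded. That makes the warning unreliable for anyone using it to spot malformed uploads. A dedicated flag would keep it to parse failures: declare `boolean parsed = false;` next to `badFormatLogged`, set `parsed = true;` immediately before the `chain.doFilter(...)` call, and guard the log with `if (!parsed && !badFormatLogged)`. The try block opens and runs largely outside the visible hunks, so the rest of its body was not checked.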
diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java
index a610a0f370..d8fc74da49 100644
--- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java
+++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java
@@ -752,7 +752,39 @@ public class MultipartFilterTest
assertTrue(response.getContent().contains("aaaa,bbbbb"));
}
-
+ @Test
+ public void testBufferOverflowNoCRLF () throws Exception
+ {
+ String boundary="XyXyXy";
+ // generated and parsed test
+ HttpTester request = new HttpTester();
+ HttpTester response = new HttpTester();
+ tester.addServlet(BoundaryServlet.class,"/testb");
+ tester.setAttribute("fileName", "abc");
+ tester.setAttribute("desc", "123");
+ tester.setAttribute("title", "ttt");
+ request.setMethod("POST");
+ request.setVersion("HTTP/1.0");
+ request.setHeader("Host","tester");
+ request.setURI("/context/testb");
+ request.setHeader("Content-Type","multipart/form-data; boundary="+boundary);
+
+ String content = "--XyXyXy";
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ baos.write(content.getBytes());
+
+ for (int i=0; i< 8500; i++) //create content that will overrun default buffer size of BufferedInputStream
+ {
+ baos.write('a');
+ }
+ request.setContent(baos.toString());
+
+ response.parse(tester.getResponses(request.generate()));
+ assertTrue(response.getContent().contains("Buffer size exceeded"));
+ assertEquals(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, response.getStatus());
+ }
+
/*
* see the testParameterMap test
*
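Review bot: The two assertions at the end of `testBufferOverflowNoCRLF` pin a 500 response whose body contains the text of the internal IOException ("Buffer size exceeded") for what is a malformed client request. If that is the intended contract, the test should say so, for example `// message text comes from ReadLineInputStream.readLine(); the error page echoes it` above the `contains(...)` assertion, since the string is otherwise an unexplained coupling to another module. If it is not intended, a client-error status and a body that does not repeat the exception message would be easier to tell apart from real server faults in monitoring. The literal `8500` also relies on the 8192-byte default mentioned in the inline comment, so it would stop exercising the overflow if the stream were built with a larger buffer.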
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java
index 3e80231b9d..7d1c010e0c 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java
@@ -49,6 +49,10 @@ public class ReadLineInputStream extends BufferedInputStream
while (true)
{
int b=super.read();
+
+ if (markpos < 0)
+ throw new IOException("Buffer size exceeded: no line terminator");
+
if (b==-1)
{
int m=markpos;
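Review bot: The new `if (markpos < 0)` check has no comment explaining why a negative `markpos` means the line is too long, and the condition depends on inherited `BufferedInputStream` state that is not obvious at this point in the loop. I would add something like `// the mark is dropped (markpos == -1) once more bytes are read than the buffer can hold, so no terminator was found within the buffer size` above it; the `mark(...)` call itself is outside this hunk, so the wording should be checked against it. Because the check runs before `if (b==-1)`, a stream that ends right after the mark is invalidated reports "Buffer size exceeded" rather than end of input, which is worth stating in the comment if it is deliberate. Bracing the `if` would also match the surrounding block style.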
