author | Jan Bartel | 2013-08-05 07:18:44 +0000 |
---|---|---|
committer | Jan Bartel | 2013-08-05 07:18:44 +0000 |
commit | f3f2bce36c2c4588b3421bb81f64fe082cccbde6 (patch) | |
tree | 7f83b93f99fdb63c0800ab7b972a0e05d64ba085 | |
parent | f5fb412eba20f77d1cface3719b5e48e2f5b2d9f (diff) | |
414393 StringIndexOutofBoundsException with > 8k multipart content without CR or LF
3 files changed, 45 insertions, 2 deletions
diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java index eb826d1142..fbf1887fe7 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java @@ -151,6 +151,7 @@ public class MultiPartFilter implements Filter params.add(entry.getKey(),value); } + boolean badFormatLogged = false; try { // Get first boundary @@ -160,7 +161,7 @@ public class MultiPartFilter implements Filter throw new IOException("Missing content for multipart request"); line = line.trim(); - boolean badFormatLogged = false; + while (line != null && !line.equals(boundary)) { if (!badFormatLogged) @@ -402,6 +403,12 @@ public class MultiPartFilter implements Filter // handle request chain.doFilter(new Wrapper(srequest,params),response); } + catch (IOException e) + { + if (!badFormatLogged) + LOG.warn("Badly formatted multipart request"); + throw e; + } finally { deleteFiles(request); diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java index a610a0f370..d8fc74da49 100644 --- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java +++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java 
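Review bot: The new `catch (IOException e)` in the third hunk appears to cover the whole try body, including `chain.doFilter(new Wrapper(srequest,params),response)`, so an I/O failure in the downstream servlet or a dropped client connection would also be logged as "Badly formatted multipart request". The warning also discards the exception, so the real cause (for example the new buffer-overrun message from ReadLineInputStream) never reaches the log; `LOG.warn("Badly formatted multipart request", e);` would keep it. Because a remote client can reach this path on every malformed request, it is worth confirming that one WARN per request is acceptable for log volume. The try block opens in the first hunk and most of its body lies outside the visible hunks, so the exact scope should be checked against the full file.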
@@ -752,7 +752,39 @@ public class MultipartFilterTest assertTrue(response.getContent().contains("aaaa,bbbbb")); } - + @Test + public void testBufferOverflowNoCRLF () throws Exception + { + String boundary="XyXyXy"; + // generated and parsed test + HttpTester request = new HttpTester(); + HttpTester response = new HttpTester(); + tester.addServlet(BoundaryServlet.class,"/testb"); + tester.setAttribute("fileName", "abc"); + tester.setAttribute("desc", "123"); + tester.setAttribute("title", "ttt"); + request.setMethod("POST"); + request.setVersion("HTTP/1.0"); + request.setHeader("Host","tester"); + request.setURI("/context/testb"); + request.setHeader("Content-Type","multipart/form-data; boundary="+boundary); + + String content = "--XyXyXy"; + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + baos.write(content.getBytes()); + + for (int i=0; i< 8500; i++) //create content that will overrun default buffer size of BufferedInputStream + { + baos.write('a'); + } + request.setContent(baos.toString()); + + response.parse(tester.getResponses(request.generate())); + assertTrue(response.getContent().contains("Buffer size exceeded")); + assertEquals(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, response.getStatus()); + } + /* * see the testParameterMap test * diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java index 3e80231b9d..7d1c010e0c 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ReadLineInputStream.java @@ -49,6 +49,10 @@ public class ReadLineInputStream extends BufferedInputStream while (true) { int b=super.read(); + + if (markpos < 0) + throw new IOException("Buffer size exceeded: no line terminator"); + if (b==-1) { int m=markpos; |
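Review bot: `testBufferOverflowNoCRLF` pins `SC_INTERNAL_SERVER_ERROR` and the literal "Buffer size exceeded" in the response body, which makes it expected behaviour that a client-malformed body is reported as a server fault and that the internal exception text is echoed to the caller. If that is only a side effect of default error handling, asserting the status alone would keep the test from blocking a later move to a client-error response with a generic body. Separately, `content.getBytes()` and `baos.toString()` use the platform default charset; the payload is ASCII so this works, but `content.getBytes("ISO-8859-1")` and `baos.toString("ISO-8859-1")` would make the test independent of the environment.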
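Review bot: The `markpos < 0` test in the ReadLineInputStream hunk is the only thing bounding line length, and nothing there says why a negative mark means overflow. A comment such as `// BufferedInputStream drops the mark (markpos = -1) once the line outgrows the buffer, so no terminator was found within the limit` would explain the guard. It presumably relies on readLine() calling mark() with the buffer size before the loop, which is outside the hunk and should be confirmed. The check also runs before `if (b==-1)`, so an over-long final line that ends at EOF is reported as an overrun rather than returned; that looks intended, but it belongs in the method's Javadoc together with an `@throws IOException` entry. readLine() starts and ends outside this hunk.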