commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simone Tripodi (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (FILEUPLOAD-212) Insecure request size checking
Date Wed, 13 Mar 2013 07:28:13 GMT

     [ https://issues.apache.org/jira/browse/FILEUPLOAD-212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Simone Tripodi resolved FILEUPLOAD-212.
---------------------------------------

    Resolution: Fixed

resolved by [~tn]'s in r1455729
                
> Insecure request size checking
> ------------------------------
>
>                 Key: FILEUPLOAD-212
>                 URL: https://issues.apache.org/jira/browse/FILEUPLOAD-212
>             Project: Commons FileUpload
>          Issue Type: Bug
>    Affects Versions: 1.2.2
>         Environment: Default configuration default environment.
>            Reporter: Damian Kolasa
>            Assignee: Thomas Neidhart
>            Priority: Critical
>              Labels: max_upload_size, resource_depletion, security
>             Fix For: 1.3
>
>         Attachments: FILEUPLOAD-212_fix.patch, FILEUPLOAD-212_test.patch
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> In FileUploadBase there is an issue when checking for upload request size, the check
is based on presence of Content-Length header in request and FALSE assumption that when present
it will represent the actual request size. Using this fact, attacker can supply request with
defined Content-Length of 60 and bypass file upload restrictions, which can lead to successful
Resource Depletion type attack. 
> IMHO by default file upload should return the LimitedInputStream implementation for file
upload.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message