commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernd Eckenfels (JIRA)" <>
Subject [jira] [Resolved] (FILEUPLOAD-248) [DISK] Unsafe file move operation (possibly swallowing write errors)
Date Mon, 19 May 2014 22:35:38 GMT


Bernd Eckenfels resolved FILEUPLOAD-248.

       Resolution: Fixed
    Fix Version/s: 1.4
         Assignee: Bernd Eckenfels

[FILEUPLOAD-248] DiskFileItem might suppress critical IOExceptions on rename - use FileUtil.move
Also: close input stream silently to make delete more probable. Remove unneeded BufferedInputStream
indirection for readFully().

> [DISK] Unsafe file move operation (possibly swallowing write errors)
> --------------------------------------------------------------------
>                 Key: FILEUPLOAD-248
>                 URL:
>             Project: Commons FileUpload
>          Issue Type: Bug
>    Affects Versions: 1.4
>         Environment: Source
>            Reporter: Bernd Eckenfels
>            Assignee: Bernd Eckenfels
>             Fix For: 1.4
> Because of a fix for FILEUPLOAD-246 I noticed that there is a fileRenameOrCopy function
which swallows exceptions on the OutputStream#close() method. This is unsafe since a lot of
filesystem operations can fail in exactly this step.
> There is also a Commons IO Utility which does rename or copy, so the whole code block
could be removed.
> Problem is here in Line 416:
> Besides using FileUtil.move() another option would be to add a out.close() before the

This message was sent by Atlassian JIRA

View raw message