[libcommons-fileupload-java] 01/01: Fixed CVE-2016-3092: Denial-of-Service vulnerability

[Emmanuel Bourg]

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch jessie
in repository libcommons-fileupload-java.

commit d3754ea4154b250a2b7685d0ea1b1bcfeb9ef3f0
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Wed Jun 22 11:17:43 2016 +0200

    Fixed CVE-2016-3092: Denial-of-Service vulnerability
---
 debian/changelog                   |  6 ++++++
 debian/patches/CVE-2016-3092.patch | 29 +++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 36 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 2210cb3..586fc2a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libcommons-fileupload-java (1.3.1-1+deb8u1) jessie-security; urgency=high
+
+  * Fixed CVE-2016-3092: Denial-of-Service vulnerability
+
+ -- Emmanuel Bourg <ebourg at apache.org>  Wed, 22 Jun 2016 11:17:27 +0200
+
 libcommons-fileupload-java (1.3.1-1) unstable; urgency=medium
 
   * New upstream release
diff --git a/debian/patches/CVE-2016-3092.patch b/debian/patches/CVE-2016-3092.patch
new file mode 100644
index 0000000..0d6cc48
--- /dev/null
+++ b/debian/patches/CVE-2016-3092.patch
@@ -0,0 +1,29 @@
+Description: Fixes CVE-2016-3092: Denial-of-Service vulnerability
+Origin: backport, https://svn.apache.org/r1743480
+--- a/src/main/java/org/apache/commons/fileupload/MultipartStream.java
++++ b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
+@@ -326,11 +326,6 @@
+             throw new IllegalArgumentException("boundary may not be null");
+         }
+ 
+-        this.input = input;
+-        this.bufSize = bufSize;
+-        this.buffer = new byte[bufSize];
+-        this.notifier = pNotifier;
+-
+         // We prepend CR/LF to the boundary to chop trailing CR/LF from
+         // body-data tokens.
+         this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
+@@ -338,6 +333,12 @@
+             throw new IllegalArgumentException(
+                     "The buffer size specified for the MultipartStream is too small");
+         }
++
++        this.input = input;
++        this.bufSize = Math.max(bufSize, boundaryLength*2);
++        this.buffer = new byte[this.bufSize];
++        this.notifier = pNotifier;
++
+         this.boundary = new byte[this.boundaryLength];
+         this.keepRegion = this.boundary.length;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 897d9ac..2557fa0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 001_update-tests-for-servlet3-api.patch
+CVE-2016-3092.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libcommons-fileupload-java.git