aboutsummaryrefslogtreecommitdiffstats
path: root/server/src/main/java/com/vaadin
diff options
context:
space:
mode:
authorIlia Motornyi <elmot@vaadin.com>2017-05-26 09:42:18 +0300
committerGitHub <noreply@github.com>2017-05-26 09:42:18 +0300
commit32b934f7c7ca62817712dace9623c287a834df0e (patch)
tree49454431c2d2ccb002799de8495d15c7657cc5a0 /server/src/main/java/com/vaadin
parent223444ebc9ba8fb179df772864a012327ecf0cb9 (diff)
downloadvaadin-framework-32b934f7c7ca62817712dace9623c287a834df0e.tar.gz
vaadin-framework-32b934f7c7ca62817712dace9623c287a834df0e.zip
Fixes OOM for broken upload request
Related to #9102
Diffstat (limited to 'server/src/main/java/com/vaadin')
-rw-r--r--server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java b/server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java
index 3a0f8f7d79..08bcffa442 100644
--- a/server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java
+++ b/server/src/main/java/com/vaadin/server/communication/FileUploadHandler.java
@@ -48,6 +48,8 @@ import com.vaadin.ui.Upload.FailedEvent;
*/
public class FileUploadHandler implements RequestHandler {
+ public static final int MULTIPART_BOUNDARY_LINE_LIMIT = 20000;
+
/**
* Stream that extracts content from another stream until the boundary
* string is encountered.
@@ -306,6 +308,10 @@ public class FileUploadHandler implements RequestHandler {
"The multipart stream ended unexpectedly");
}
bout.write(readByte);
+ if(bout.size() > MULTIPART_BOUNDARY_LINE_LIMIT) {
+ throw new IOException(
+ "The multipart stream does not contain boundary");
+ }
readByte = stream.read();
}
byte[] bytes = bout.toByteArray();
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-23 22:59:49 +0000