diff options
| author | Sergey Budkin <sergey@vaadin.com> | 2014-10-24 12:29:58 +0300 |
|---|---|---|
| committer | Vaadin Code Review <review@vaadin.com> | 2014-10-29 14:27:37 +0000 |
| commit | ed2cc38308220d1c80999397288712e19df918e7 (patch) | |
| tree | c0083575a7e112b5c4eb0ebcd710b9bbb61cf4c1 /server/src | |
| parent | b5d16c53055fc3cda6fca637713fe2a045a765fb (diff) | |
| download | vaadin-framework-ed2cc38308220d1c80999397288712e19df918e7.tar.gz vaadin-framework-ed2cc38308220d1c80999397288712e19df918e7.zip | |
Upload: OutOfMemory if stream already been read (#10096)
Added -1 check and test.
Change-Id: I3f6c61417353884d22d8e6b33ef21319475c1907
Diffstat (limited to 'server/src')
| -rw-r--r-- | server/src/com/vaadin/server/communication/FileUploadHandler.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/server/src/com/vaadin/server/communication/FileUploadHandler.java b/server/src/com/vaadin/server/communication/FileUploadHandler.java index 22c6a76106..576cbd8411 100644 --- a/server/src/com/vaadin/server/communication/FileUploadHandler.java +++ b/server/src/com/vaadin/server/communication/FileUploadHandler.java @@ -216,7 +216,10 @@ public class FileUploadHandler implements RequestHandler { } } - private static final int LF = "\n".getBytes()[0]; + /** + * as per RFC 2045, line delimiters in headers are always CRLF, i.e. 13 10 + */ + private static final int LF = 10; private static final String CRLF = "\r\n"; @@ -295,6 +298,9 @@ public class FileUploadHandler implements RequestHandler { ByteArrayOutputStream bout = new ByteArrayOutputStream(); int readByte = stream.read(); while (readByte != LF) { + if (readByte == -1) { + throw new IOException("The multipart stream ended unexpectedly"); + } bout.write(readByte); readByte = stream.read(); } |