aboutsummaryrefslogtreecommitdiffstats
path: root/server/src
diff options
context:
space:
mode:
authorSergey Budkin <sergey@vaadin.com>2014-10-24 12:29:58 +0300
committerSauli Tähkäpää <sauli@vaadin.com>2014-11-10 13:00:04 +0200
commit3d7888dfd73266453bb561cd6b083874748ec73a (patch)
tree0692684002788590a0df5fb1720a7a9abc399209 /server/src
parent59e024b4a4231fa3e0c21d7adbffc5237774cb01 (diff)
downloadvaadin-framework-3d7888dfd73266453bb561cd6b083874748ec73a.tar.gz
vaadin-framework-3d7888dfd73266453bb561cd6b083874748ec73a.zip
Upload: OutOfMemory if stream already been read (#10096)
Added -1 check and test. Change-Id: I3f6c61417353884d22d8e6b33ef21319475c1907
Diffstat (limited to 'server/src')
-rw-r--r--server/src/com/vaadin/server/communication/FileUploadHandler.java8
1 files changed, 7 insertions, 1 deletions
diff --git a/server/src/com/vaadin/server/communication/FileUploadHandler.java b/server/src/com/vaadin/server/communication/FileUploadHandler.java
index 22c6a76106..576cbd8411 100644
--- a/server/src/com/vaadin/server/communication/FileUploadHandler.java
+++ b/server/src/com/vaadin/server/communication/FileUploadHandler.java
@@ -216,7 +216,10 @@ public class FileUploadHandler implements RequestHandler {
}
}
- private static final int LF = "\n".getBytes()[0];
+ /**
+ * as per RFC 2045, line delimiters in headers are always CRLF, i.e. 13 10
+ */
+ private static final int LF = 10;
private static final String CRLF = "\r\n";
@@ -295,6 +298,9 @@ public class FileUploadHandler implements RequestHandler {
ByteArrayOutputStream bout = new ByteArrayOutputStream();
int readByte = stream.read();
while (readByte != LF) {
+ if (readByte == -1) {
+ throw new IOException("The multipart stream ended unexpectedly");
+ }
bout.write(readByte);
readByte = stream.read();
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-10 06:38:21 +0000