[FELIX-6271] Make sure invalid bundles are deleted in BundleServlet - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: webconsole-4.5.0
Fix Version/s: webconsole-4.5.2
Component/s: Web Console
Labels:
None

Description

If you attempt to upload an invalid bundle in BundleServlet (say a regular war file), null is returned from getSymbolicNameVersion(bundleFile). This result in a NPE and the bundleFile is not actually deleted. This could potentially allow someone to fill up the disk space of the server by repeatedly uploading large invalid war/jars.

PR: https://github.com/apache/felix-dev/pull/20

Attachments

Issue Links

links to

GitHub Pull Request #20

Activity

People

Assignee:: Carsten Ziegeler

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Apr/20 10:11

Updated:: 08/May/20 06:31

Resolved:: 30/Apr/20 10:29