Uploaded image for project: 'Commons FileUpload'
  1. Commons FileUpload
  2. FILEUPLOAD-212

Insecure request size checking

    XMLWordPrintableJSON

Details

    Description

      In FileUploadBase there is an issue when checking for upload request size, the check is based on presence of Content-Length header in request and FALSE assumption that when present it will represent the actual request size. Using this fact, attacker can supply request with defined Content-Length of 60 and bypass file upload restrictions, which can lead to successful Resource Depletion type attack.

      IMHO by default file upload should return the LimitedInputStream implementation for file upload.

      Attachments

        1. FILEUPLOAD-212_test.patch
          14 kB
          Thomas Neidhart
        2. FILEUPLOAD-212_fix.patch
          2 kB
          Thomas Neidhart

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. FILEUPLOAD-202 org.apache.commons.fileupload.FileUploadBase$IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tn Thomas Neidhart
              fatfredyy Damian Kolasa
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 48h
                  48h
                  Remaining:
                  Remaining Estimate - 48h
                  48h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified