Uploaded image for project: 'Commons FileUpload'
  1. Commons FileUpload
  2. FILEUPLOAD-248

[DISK] Unsafe file move operation (possibly swallowing write errors)

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4
    • Fix Version/s: 1.4
    • Labels:
      None
    • Environment:

      Source

      Description

      Because of a fix for FILEUPLOAD-246 I noticed that there is a fileRenameOrCopy function which swallows exceptions on the OutputStream#close() method. This is unsafe since a lot of filesystem operations can fail in exactly this step.

      There is also a Commons IO Utility which does rename or copy, so the whole code block could be removed.

      Problem is here in Line 416: http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java?revision=1568691&view=markup

      Besides using FileUtil.move() another option would be to add a out.close() before the catch.

        Attachments

          Activity

            People

            • Assignee:
              b.eckenfels Bernd Eckenfels
              Reporter:
              b.eckenfels Bernd Eckenfels
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: