You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Jochen Wiedmann (JIRA)" <ji...@apache.org> on 2009/01/18 03:54:59 UTC
[jira] Resolved: (FILEUPLOAD-169) FileItemStreamImpl closes
underlying stream on LimitedInputStream exception
[ https://issues.apache.org/jira/browse/FILEUPLOAD-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jochen Wiedmann resolved FILEUPLOAD-169.
----------------------------------------
Resolution: Won't Fix
Fix Version/s: 1.3
Assignee: Jochen Wiedmann
Phillip, I am sorry, but I won't do anything in that area.
The limits are a security measure and designed to prevent DOS attacks. Obviously, your fear is not a DOS. But then you should question yourself, whether you need these limits at all and whether it wouldn't be just better to iterate over the parameters using the streaming API without throwing any exceptions, possibly discarding files, which become too large.
> FileItemStreamImpl closes underlying stream on LimitedInputStream exception
> ---------------------------------------------------------------------------
>
> Key: FILEUPLOAD-169
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-169
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Phillip Webb
> Assignee: Jochen Wiedmann
> Fix For: 1.3
>
> Attachments: FILEUPLOAD-169.patch
>
>
> FileUploadBase uses a LimitedInputStream to manage the fileSizeMax limit. If the limit is exceeded the raiseError message closes the stream and throws a FileSizeLimitExceededException.
> Unfortunately the close method is called with true to close the underlying MultipartStream. This means that additional calls to FileItemIteratorImpl will fail as findNextItem() throws a MalformedStreamException.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.