You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Phillip Webb (JIRA)" <ji...@apache.org> on 2008/12/11 17:09:44 UTC
[jira] Created: (FILEUPLOAD-169) FileItemStreamImpl closes
underlying stream on LimitedInputStream exception
FileItemStreamImpl closes underlying stream on LimitedInputStream exception
---------------------------------------------------------------------------
Key: FILEUPLOAD-169
URL: https://issues.apache.org/jira/browse/FILEUPLOAD-169
Project: Commons FileUpload
Issue Type: Bug
Affects Versions: 1.2
Reporter: Phillip Webb
FileUploadBase uses a LimitedInputStream to manage the fileSizeMax limit. If the limit is exceeded the raiseError message closes the stream and throws a FileSizeLimitExceededException.
Unfortunately the close method is called with true to close the underlying MultipartStream. This means that additional calls to FileItemIteratorImpl will fail as findNextItem() throws a MalformedStreamException.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (FILEUPLOAD-169) FileItemStreamImpl closes
underlying stream on LimitedInputStream exception
Posted by "Phillip Webb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FILEUPLOAD-169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12665080#action_12665080 ]
Phillip Webb commented on FILEUPLOAD-169:
-----------------------------------------
I am actually not using FileUpload directly but instead relying on a MyFaces Tomahawk component that I am trying to fix up (see https://issues.apache.org/jira/browse/TOMAHAWK-1381).
I am a little confused by the API, there is a setFileSizeMax and a setSizeMax. sizeMax is the maximum total and fileSizeMax is the maximum per file? Are you saying that if a FileSizeLimitExceededException is thrown then this exception should be considered fatal and further calls to the iterator will fail?
I that is the case perhaps some additional doc comments could be added to FileSizeLimitExceededException to indicate that the exception cannot be caught as part of any iterators?
I will try and rework my Tomahawk patch to work as you suggest.
Cheers.
> FileItemStreamImpl closes underlying stream on LimitedInputStream exception
> ---------------------------------------------------------------------------
>
> Key: FILEUPLOAD-169
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-169
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Phillip Webb
> Assignee: Jochen Wiedmann
> Fix For: 1.3
>
> Attachments: FILEUPLOAD-169.patch
>
>
> FileUploadBase uses a LimitedInputStream to manage the fileSizeMax limit. If the limit is exceeded the raiseError message closes the stream and throws a FileSizeLimitExceededException.
> Unfortunately the close method is called with true to close the underlying MultipartStream. This means that additional calls to FileItemIteratorImpl will fail as findNextItem() throws a MalformedStreamException.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (FILEUPLOAD-169) FileItemStreamImpl closes
underlying stream on LimitedInputStream exception
Posted by "Jochen Wiedmann (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FILEUPLOAD-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jochen Wiedmann resolved FILEUPLOAD-169.
----------------------------------------
Resolution: Won't Fix
Fix Version/s: 1.3
Assignee: Jochen Wiedmann
Phillip, I am sorry, but I won't do anything in that area.
The limits are a security measure and designed to prevent DOS attacks. Obviously, your fear is not a DOS. But then you should question yourself, whether you need these limits at all and whether it wouldn't be just better to iterate over the parameters using the streaming API without throwing any exceptions, possibly discarding files, which become too large.
> FileItemStreamImpl closes underlying stream on LimitedInputStream exception
> ---------------------------------------------------------------------------
>
> Key: FILEUPLOAD-169
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-169
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Phillip Webb
> Assignee: Jochen Wiedmann
> Fix For: 1.3
>
> Attachments: FILEUPLOAD-169.patch
>
>
> FileUploadBase uses a LimitedInputStream to manage the fileSizeMax limit. If the limit is exceeded the raiseError message closes the stream and throws a FileSizeLimitExceededException.
> Unfortunately the close method is called with true to close the underlying MultipartStream. This means that additional calls to FileItemIteratorImpl will fail as findNextItem() throws a MalformedStreamException.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (FILEUPLOAD-169) FileItemStreamImpl closes
underlying stream on LimitedInputStream exception
Posted by "Phillip Webb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FILEUPLOAD-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Phillip Webb updated FILEUPLOAD-169:
------------------------------------
Attachment: FILEUPLOAD-169.patch
Attached patch
> FileItemStreamImpl closes underlying stream on LimitedInputStream exception
> ---------------------------------------------------------------------------
>
> Key: FILEUPLOAD-169
> URL: https://issues.apache.org/jira/browse/FILEUPLOAD-169
> Project: Commons FileUpload
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Phillip Webb
> Attachments: FILEUPLOAD-169.patch
>
>
> FileUploadBase uses a LimitedInputStream to manage the fileSizeMax limit. If the limit is exceeded the raiseError message closes the stream and throws a FileSizeLimitExceededException.
> Unfortunately the close method is called with true to close the underlying MultipartStream. This means that additional calls to FileItemIteratorImpl will fail as findNextItem() throws a MalformedStreamException.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.