Description: Fixes CVE-2016-3092: Denial-of-Service vulnerability
Origin: backport, https://svn.apache.org/r1743480
--- a/src/main/java/org/apache/commons/fileupload/MultipartStream.java
+++ b/src/main/java/org/apache/commons/fileupload/MultipartStream.java
@@ -326,11 +326,6 @@
 throw new IllegalArgumentException("boundary may not be null");
 }
 
- this.input = input;
- this.bufSize = bufSize;
- this.buffer = new byte[bufSize];
- this.notifier = pNotifier;
-
 // We prepend CR/LF to the boundary to chop trailing CR/LF from
 // body-data tokens.
 this.boundaryLength = boundary.length + BOUNDARY_PREFIX.length;
@@ -338,6 +333,12 @@
 throw new IllegalArgumentException(
 "The buffer size specified for the MultipartStream is too small");
 }
+
+ this.input = input;
+ this.bufSize = Math.max(bufSize, boundaryLength*2);
+ this.buffer = new byte[this.bufSize];
+ this.notifier = pNotifier;
+
 this.boundary = new byte[this.boundaryLength];
 this.keepRegion = this.boundary.length;
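Review bot: The added `this.bufSize = Math.max(bufSize, boundaryLength*2);` in the second hunk has no comment explaining the factor of two, so the reason the caller's buffer size is silently raised could be lost in a later cleanup. Since `keepRegion` is set to the boundary length just below, I would add above it `// Buffer must be at least twice the boundary length, otherwise the keep region leaves almost no room to process data per read (CVE-2016-3092).` and state in the constructor Javadoc that `bufSize` is treated as a minimum. The buffer size now also scales with the boundary, which presumably comes from the request's Content-Type header; if nothing upstream caps its length, a limit here would bound the per-request allocation. The constructor starts and ends outside the hunk, so its Javadoc and any existing cap are not visible.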