From d140978788ad80704e0fac41c86a926191e0b05b Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mon, 09 Jun 2014 09:39:57 +0000
Subject: [PATCH] import thermostat1-apache-commons-fileupload-1.3-12.el7

---
 SOURCES/CVE-2013-2186-commons-fileupload.patch |   31 +++++++++++++++++++++++++++++++
 1 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/SOURCES/CVE-2013-2186-commons-fileupload.patch b/SOURCES/CVE-2013-2186-commons-fileupload.patch
new file mode 100644
index 0000000..7e8eca9
--- /dev/null
+++ b/SOURCES/CVE-2013-2186-commons-fileupload.patch
@@ -0,0 +1,31 @@
+Index: src/java/org/apache/commons/fileupload/disk/DiskFileItem.java
+===================================================================
+--- src/java/org/apache/commons/fileupload/disk/DiskFileItem.java	(revision 1516371)
++++ src/java/org/apache/commons/fileupload/disk/DiskFileItem.java	(working copy)
+@@ -712,6 +712,26 @@
+         // read values
+         in.defaultReadObject();
+ 
++        /* One expected use of serialization is to migrate HTTP sessions
++         * containing a DiskFileItem between JVMs. Particularly if the JVMs are
++         * on different machines It is possible that the repository location is
++         * not valid so validate it.
++         */
++        if (repository != null) {
++            if (repository.isDirectory()) {
++                // Check path for nulls
++                if (repository.getPath().contains("\0")) {
++                    throw new IOException("The repository [" + 
++                            repository.getPath() 
++                            +"] contains a null character");
++                }
++            } else {
++                throw new IOException("The repository [" + 
++                        repository.getAbsolutePath() +
++                        "] is not a directory");
++            }
++        }
++
+         OutputStream output = getOutputStream();
+         if (cachedContent != null) {
+             output.write(cachedContent);
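Review bot: The validation added right after `in.defaultReadObject()` confirms that `repository` is an existing directory whose path contains no NUL byte, but it does not constrain which directory is accepted: any existing directory named by the serialized form passes, and the `getOutputStream()` / `output.write(cachedContent)` lines that follow then write the deserialized bytes into that location. If deserialized items are only ever expected in a configured repository, the check should compare the deserialized `repository` against that configured location (or a permitted base directory) rather than only testing its shape; failing that, the comment should state the limit, e.g. `// Validates only that the path exists and is well-formed; it does not establish that this location is a trusted repository.`. The two error messages also differ, one using `getPath()` and the other `getAbsolutePath()`; using one accessor in both keeps log output consistent. The enclosing method (readObject, judging by the `defaultReadObject()` call) begins before this hunk and continues past it.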

--
Gitblit v1.8.0