This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release17.12 by this push:
     new e3691d1  Fixed: CVE-2021-37608 vulnerability bypass (OFBIZ-12307) 
(#352)
e3691d1 is described below

commit e3691d1b2110b590b80dd4ea3c1fa09076a3032f
Author: rohitkou <93367235+rohit...@users.noreply.github.com>
AuthorDate: Tue Nov 23 15:05:41 2021 +0530

    Fixed: CVE-2021-37608 vulnerability bypass (OFBIZ-12307) (#352)
    
    Fixed the additional-image upload validation that had been missed in the 
service addAdditionalViewForProduct: the uploaded bytes are now validated before they are written to the image server path.
    
    Co-authored-by: Rohit Koushal <rohit.kousha...@gmail.com>
---
 .../main/java/org/apache/ofbiz/product/product/ProductServices.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git 
a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
 
b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
index 3fe1a66..617525e 100644
--- 
a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
+++ 
b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
@@ -1049,10 +1049,13 @@ public class ProductServices {
                 String fileToCheck = imageServerPath + "/" + fileLocation + 
"." + extension.getString("fileExtensionId");
                 File file = new File(fileToCheck);
                 try {
-                    if 
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image", 
delegator)) {
+                    Path tempFile = Files.createTempFile(null, null);
+                    Files.write(tempFile, imageData.array(), 
StandardOpenOption.APPEND);
+                    if 
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(tempFile.toString(), 
"Image", delegator)) {
                         String errorMessage = 
UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
                         return ServiceUtil.returnError(errorMessage);
                     }
+                    Files.delete(tempFile);
                     RandomAccessFile out = new RandomAccessFile(fileToCheck, 
"rw");
                     out.write(imageData.array());
                     out.close();
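Review bot: The temporary file created by `Path tempFile = Files.createTempFile(null, null);` is only removed on the success path; when `isValidFile` rejects the upload the method returns before `Files.delete(tempFile)`, and an exception from `Files.write` or `isValidFile` skips it as well, so every rejected upload leaves the attacker-supplied bytes behind in the JVM temp directory. Wrapping the write-and-validate step in try/finally with `Files.deleteIfExists(tempFile)` closes that gap without changing the accepted path. Note also that validation now runs against the temp file's path rather than `fileToCheck`, so if `SecuredUpload.isValidFile` applies any file-name or extension rules, those no longer cover the destination name built from `fileLocation` and `fileExtensionId` — worth confirming that the destination name is validated elsewhere. The enclosing `try` block and the service method continue outside the hunk.
```java
Path tempFile = Files.createTempFile(null, null);
try {
    Files.write(tempFile, imageData.array(), StandardOpenOption.APPEND);
    if (!org.apache.ofbiz.security.SecuredUpload.isValidFile(tempFile.toString(), "Image", delegator)) {
        String errorMessage = UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
        return ServiceUtil.returnError(errorMessage);
    }
} finally {
    // Always remove the scratch copy, including on rejection or I/O failure.
    Files.deleteIfExists(tempFile);
}
// … unchanged: RandomAccessFile write of imageData to fileToCheck …
```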
