This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 2222bd2 Fixed: CVE-2021-37608 vulnerability bypass (OFBIZ-12307)
(#352)
2222bd2 is described below
commit 2222bd21b7e57f8b86acf0753528a52f088fc3bb
Author: rohitkou <[email protected]>
AuthorDate: Tue Nov 23 15:05:41 2021 +0530
Fixed: CVE-2021-37608 vulnerability bypass (OFBIZ-12307) (#352)
Fixed the additional-image upload check that was missed in
service addAdditionalViewForProduct.
Co-authored-by: Rohit Koushal <[email protected]>
---
.../main/java/org/apache/ofbiz/product/product/ProductServices.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git
a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
index 5f81e02..3a9aa55 100644
---
a/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
+++
b/applications/product/src/main/java/org/apache/ofbiz/product/product/ProductServices.java
@@ -1055,10 +1055,13 @@ public class ProductServices {
String fileToCheck = imageServerPath + "/" + fileLocation +
"." + extension.getString("fileExtensionId");
File file = new File(fileToCheck);
try {
- if
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(fileToCheck, "Image",
delegator)) {
+ Path tempFile = Files.createTempFile(null, null);
+ Files.write(tempFile, imageData.array(),
StandardOpenOption.APPEND);
+ if
(!org.apache.ofbiz.security.SecuredUpload.isValidFile(tempFile.toString(),
"Image", delegator)) {
String errorMessage =
UtilProperties.getMessage("SecurityUiLabels", "SupportedImageFormats", locale);
return ServiceUtil.returnError(errorMessage);
}
+ Files.delete(tempFile);
RandomAccessFile out = new RandomAccessFile(fileToCheck,
"rw");
out.write(imageData.array());
out.close();
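Review bot: The temporary copy of the uploaded bytes is only removed on the success path; when `isValidFile` rejects the content the method returns from inside the `if` and the `Files.delete(tempFile)` on the following line is never reached, so every rejected upload leaves its full payload behind in the JVM's default temp directory. The same holds if `isValidFile` or `Files.write` throws, since the delete is not in a `finally`. Moving the cleanup into a `try { … } finally { Files.deleteIfExists(tempFile); }` around the validation, or at minimum adding `Files.delete(tempFile);` before `return ServiceUtil.returnError(errorMessage);`, closes the gap. Validating the in-memory buffer that is subsequently written to `fileToCheck` does address the original bypass, since the same bytes are checked and persisted; note that the enclosing `try` block and method continue past the end of the hunk.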