On 5/12/06, Corobitsyn Roman <[EMAIL PROTECTED]> wrote:

Hello commons-user,

I have a question about file-upload, tomcat and security trouble.
So, my situations are:

I.
    tomcat 5.5.15 with security policy
    commons-fileupload-1.0.jar
    simple webapp (upload.html + FileUploadServlet(see below))

II.
    tomcat 5.5.15 with security policy
    commons-fileupload-1.1.jar
    simple webapp (upload.html + FileUploadServlet)

In the first case there are no security problems. If the webapp has no access
to the tmp directory, java.security.AccessControlException appears. This
behavior is expected.

In the second case, when using file-upload-1.1 and the webapp has no access to
the tmp directory, AccessControlException does not appear and the upload
process completes successfully. I think this is a very big hole.

My questions are:

1) What is my mistake?
2) Perhaps, is this tomcat problem?


Are you sure that, in both cases, there is enough data that FileUpload is
actually writing to the disk? If the upload is small enough to be held in
memory, then you wouldn't see the exception.

Other than that, I don't see that any changes in FileUpload would cause this
change in behaviour.

--
Martin Cooper


Thx.

Corobitsyn Roman

upload form is:
<html>
  <body>
    <form method="POST" enctype="multipart/form-data" action="/servlet/upload">
      <input type="file" name="file">
      <input type="submit">
    </form>
  </body>
</html>

and FileUploadServlet is

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;

import org.apache.commons.fileupload.*;

public class FileUploadServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        DiskFileUpload upload = new DiskFileUpload();

        // Temporary files go to <webapp root>/tmp; only parts larger than the
        // in-memory threshold (default 10240 bytes) are ever written there.
        ServletContext context = getServletContext();
        String path = context.getRealPath("/");
        path += "/tmp";
        upload.setRepositoryPath(path);

        response.setContentType("text/html; charset=windows-1251");
        PrintWriter out = response.getWriter();

        try {
            List /* FileItem */ items = upload.parseRequest(request);
            for (int i = 0, n = items.size(); i < n; i++) {
                final FileItem fileItem = (FileItem) items.get(i);
                // Echo each part's content followed by its FileItem description
                out.println(fileItem.getString() + " " + items.get(i));
            }
            out.close();
        }
        catch (FileUploadException e) {
            e.printStackTrace();
        }
    }
}
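To check Martin's explanation, here is an added example (not from the original thread or the FileUpload project) that forces every part to disk by setting the in-memory threshold to 0 and reports isInMemory() for each item; it assumes the same /tmp directory under the webapp root as Roman's servlet and uses only DiskFileUpload methods present in both 1.0 and 1.1.

```java
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.commons.fileupload.*;

/**
 * Diagnostic servlet (hypothetical): with the in-memory threshold at 0 every
 * part is written to the repository directory, so a missing FilePermission on
 * it surfaces as an AccessControlException whatever the upload size.
 */
public class UploadThresholdCheckServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();

        DiskFileUpload upload = new DiskFileUpload();
        // Same repository layout as the original servlet; assumption: the
        // security policy grants or withholds write access to exactly this dir.
        upload.setRepositoryPath(getServletContext().getRealPath("/") + "/tmp");
        upload.setSizeThreshold(0);        // keep nothing in memory
        upload.setSizeMax(1024L * 1024L);  // reject requests over 1 MiB

        try {
            List items = upload.parseRequest(request);
            for (Iterator it = items.iterator(); it.hasNext();) {
                FileItem item = (FileItem) it.next();
                out.println(describe(item));
                item.delete();             // remove the temp file once inspected
            }
        } catch (FileUploadException e) {
            out.println("upload rejected: " + e.getMessage());
        } finally {
            out.close();
        }
    }

    /** One line per part: field name, file name, size, and memory vs. disk. */
    static String describe(FileItem item) {
        String source = item.isFormField() ? "(form field)" : item.getName();
        String where = item.isInMemory() ? "memory" : "disk";
        return item.getFieldName() + " " + source + " " + item.getSize()
                + " bytes in " + where;
    }
}
```

If the policy really withholds write access to the repository, this servlet fails with AccessControlException even for a tiny upload; if it prints "bytes in disk" lines instead, the policy grant is wider than intended.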
