[ https://issues.apache.org/jira/browse/FELIX-6037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16906253#comment-16906253 ]
Carsten Ziegeler commented on FELIX-6037:
-----------------------------------------
[~rakeshk15] the web console depends on file upload v1.2.1 as a minimum - you
can deploy it with any higher version, recommended at this point in time is
1.3.3 which does not have security issues reported (afaik). We can't recommend
1.4.0 for the problems mentioned here.
I don't know how we can put more pressure on commons to make a 1.4.1 release.
[[email protected]] any thoughts on this one?
> Commons FileUpload 1.4 + Apache Felix Bundle WebConsole
> -------------------------------------------------------
>
> Key: FELIX-6037
> URL: https://issues.apache.org/jira/browse/FELIX-6037
> Project: Felix
> Issue Type: Improvement
> Components: Web Console
> Affects Versions: webconsole-4.3.8
> Reporter: Dan Klco
> Priority: Major
>
> When using Commons Fileupload with the Apache Felix Bundle webconsole, I've
> found an error when uploading SNAPSHOT bundles to the webconsole. The process
> fails with the following exception:
> 23.01.2019 06:56:29.098 *ERROR* [qtp24255790-48] org.apache.felix.http.jetty
> Problem accessing uploaded bundle file:
> org.apache.sling.cms.ui-0.11.3-SNAPSHOT.jar
> (org.apache.commons.io.FileExistsException: Destination
> '/var/folders/lk/m1djs7v96_b9xfy_7_xhn33h0000gq/T/install8148467763631161526.tmp'
> already exists)
> org.apache.commons.io.FileExistsException: Destination
> '/var/folders/lk/m1djs7v96_b9xfy_7_xhn33h0000gq/T/install8148467763631161526.tmp'
> already exists
> at org.apache.commons.io.FileUtils.moveFile(FileUtils.java:3001)
> [org.apache.commons.io:2.6.0]
> at
> org.apache.commons.fileupload.disk.DiskFileItem.write(DiskFileItem.java:405)
> [org.apache.commons.commons-fileupload:1.4.0]
> at
> org.apache.felix.webconsole.internal.core.BundlesServlet.installBundles(BundlesServlet.java:1553)
> [org.apache.felix.webconsole:4.3.8]
> at
> org.apache.felix.webconsole.internal.core.BundlesServlet.doPost(BundlesServlet.java:330)
> [org.apache.felix.webconsole:4.3.8]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
> [org.apache.felix.http.servlet-api:1.1.2]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
> [org.apache.felix.http.servlet-api:1.1.2]
> at
> org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:563)
> [org.apache.felix.webconsole:4.3.8]
> at
> org.apache.felix.webconsole.internal.servlet.OsgiManager$3.run(OsgiManager.java:465)
> [org.apache.felix.webconsole:4.3.8]
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:461)
> [org.apache.felix.webconsole:4.3.8]
> at
> org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:120)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:86)
> [org.apache.felix.http.jetty:4.0.6]
> at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
> [org.apache.sling.i18n:2.5.14]
> at
> org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
> [org.apache.felix.http.sslfilter:1.2.6]
> at
> org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:133)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1020)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1024)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
> [org.apache.felix.http.jetty:4.0.6]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
> [org.apache.felix.http.servlet-api:1.1.2]
> at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
> [org.apache.felix.http.jetty:4.0.6]
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:535)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
> [org.apache.felix.http.jetty:4.0.6]
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> [org.apache.felix.http.jetty:4.0.6]
> at org.eclipse.jetty.server.Server.handle(Server.java:503)
> [org.apache.felix.http.jetty:4.0.6]
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
> [org.apache.felix.http.jetty:4.0.6]
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
> [org.apache.felix.http.jetty:4.0.6]
> at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
> [org.apache.felix.http.jetty:4.0.6]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
> [org.apache.felix.http.jetty:4.0.6]
> at java.lang.Thread.run(Thread.java:748)
> Rolling back to 1.3.3 resolves the issue. I'm thinking that it may make sense
> to add some sort of random prefix to avoid this issue, but frankly I'm not
> familiar enough with the codebase to be sure. The problem appears to be below:
> File tmpFile = null;
> try
> {
> // copy the data to a file for better processing
> tmpFile = File.createTempFile( "install", ".tmp" );
> bundleItem.write( tmpFile );
> }
> Where the tmpFile conflicts with a pre-existing file (assumedly created by
> commons fileupload). I'm confused why the process of creating the temporary
> file is necessary in the first place, as I can't imagine why you couldn't work
> with the InputStream directly, but again, I don't know the codebase or why
> certain decisions were made.
> There are two ways I could see resolving this:
> * Add a random string (UUID, etc) into the tmp file name when creating it
> * Replace the tmp file with direct input stream usage
> I'm happy to contribute a fix, I just also don't want to muck things up :)
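The failure in the quoted stack trace and the stream-based alternative from the issue, as an added example that is not code from Felix or Commons FileUpload. It uses only the JDK: `Files.move` without `REPLACE_EXISTING` stands in for the `FileUtils.moveFile` call in the trace, and the class and method names are hypothetical.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

public class UploadTempFileDemo { // hypothetical class name
    // createTempFile() atomically creates the file, so a move that refuses to
    // overwrite its destination fails, as FileUtils.moveFile does in the trace.
    static boolean moveOntoTempFileFails(Path uploaded) throws IOException {
        Path dest = Files.createTempFile("install", ".tmp");
        try {
            Files.move(uploaded, dest); // no REPLACE_EXISTING, JDK stand-in
            return false;
        } catch (FileAlreadyExistsException e) {
            return true;
        } finally {
            Files.deleteIfExists(dest);
        }
    }

    // Stream the upload into the file createTempFile() already made. Writing
    // into the existing file (rather than deleting and recreating it) keeps the
    // unpredictable name and the owner-only permissions it gets on POSIX.
    static Path spoolToTemp(InputStream in) throws IOException {
        Path dest = Files.createTempFile("install", ".tmp");
        try (OutputStream out = Files.newOutputStream(dest,
                StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            return dest;
        } catch (IOException e) {
            Files.deleteIfExists(dest); // do not leave partial uploads behind
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input standing in for an uploaded bundle.
        byte[] body = "constructed sample bundle bytes".getBytes(StandardCharsets.UTF_8);
        Path uploaded = Files.createTempFile("upload_", ".tmp");
        Files.write(uploaded, body);
        System.out.println("move onto temp file fails: " + moveOntoTempFileFails(uploaded));
        Files.delete(uploaded);

        Path spooled = spoolToTemp(new ByteArrayInputStream(body));
        System.out.println("spooled " + Files.size(spooled) + " bytes to " + spooled);
        Files.delete(spooled);
    }
}
```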