[
https://issues.apache.org/jira/browse/FELIX-6271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated FELIX-6271:
---------------------------------------
Description:
If you attempt to upload an invalid bundle in BundleServlet (say a regular war
file), null is returned from getSymbolicNameVersion(bundleFile). This result in
a NPE and the bundleFile is not actually deleted. This could potentially allow
someone to fill up the disk space of the server by repeatedly uploading large
invalid war/jars.
PR: [https://github.com/apache/felix-dev/pull/20]
was:If you attempt to upload an invalid bundle in BundleServlet (say a
regular war file), null is returned from getSymbolicNameVersion(bundleFile).
This result in a NPE and the bundleFile is not actually deleted. This could
potentially allow someone to fill up the disk space of the server by repeatedly
uploading large invalid war/jars.
> Make sure invalid bundles are deleted in BundleServlet
> ------------------------------------------------------
>
> Key: FELIX-6271
> URL: https://issues.apache.org/jira/browse/FELIX-6271
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-4.5.0
> Reporter: Colm O hEigeartaigh
> Priority: Minor
>
> If you attempt to upload an invalid bundle in BundleServlet (say a regular
> war file), null is returned from getSymbolicNameVersion(bundleFile). This
> result in a NPE and the bundleFile is not actually deleted. This could
> potentially allow someone to fill up the disk space of the server by
> repeatedly uploading large invalid war/jars.
>
> PR: [https://github.com/apache/felix-dev/pull/20]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
