Details

    • Type: Regression Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 6.1.X EE, 6.2.X EE, 7.0.0 M3
    • Fix Version/s: 7.0.0 M2
    • Component/s: Security Vulnerability
    • Labels:
      None

      Description

      Steps to reproduce:
      1, Go to Control Panel -> Server Administration -> Script
      2, Run following Groovy script

      long companyId = 0;
      long groupId=0;
      long userId=0
      String className = "";
      long classPK = 0;
      String contentType = "";
      String[] modes = []
      InputStream inputStream = null;
      OutputStream outputStream = null;
      Map<String, Object> options = null;
      
      com.liferay.portal.kernel.sanitizer.SanitizerUtil.sanitize(companyId, groupId, userId, className, classPK, contentType, modes, inputStream, outputStream,options);
      

      Expected result: Exception log with "Input stream is null" message
      Actual result: Stack overflow exception

        Attachments

        1. fixed.png
          fixed.png
          21 kB
        2. reproduced.png
          reproduced.png
          39 kB

          Issue Links

            Activity

              People

              Assignee:
              hong.zhao Hong Zhao
              Reporter:
              tomas.polesovsky Tomáš Polešovský
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 2 weeks, 4 days ago

                  Packages

                  Version Package
                  7.0.0 M2