Fix (APAR):  PI94763

Status:  Fix

Release:  17.0.0.3

Operating System:  AIX,HP-UX,IBM i,Linux,OS X,Solaris,Windows

Supersedes Fixes:  PI90804

CMVC Defect:  

Byte size of APAR:  1006639

Date: 2018-03-14

Abstract:  Fileupload causes NullPointerException on getHeader() call

Description/symptom of problem:  
PI94763 resolves the following problem:

ERROR DESCRIPTION:                                              
During a servlet request, the customer could encounter a        
Null Pointer Exception when accessing the getHeader() call      
because a previous call using the commons file upload           
library cause a null header to be produced.                     

LOCAL FIX:                                                      

PROBLEM SUMMARY

USERS AFFECTED:
 All users of IBM WebSphere Application
Server Liberty

PROBLEM DESCRIPTION:
NullPointerException when servlet calls
getHeader()

RECOMMENDATION:
None

During a servlet request, the customer could encounter a
NullPointerException when calling getHeader() if a previous
servlet request handled a file upload and contained an embedded
FileItem.

An example stackdump of the NPE:
Caused by: java.lang.NullPointerException
at
com.ibm.ws.webcontainer.srt.SRTServletRequestPart.getHeader(SRTS
ervletRequestPart.java:90)
at
org.springframework.web.multipart.support.StandardMultipartHttpS
ervletRequest.parseRequest(StandardMultipartHttpServletRequest.j
ava:97)
... 72 more

PROBLEM CONCLUSION:                                             
A class in the commons fileupload library was recently patched  
to address another issue, but was missing an implementing       
interface, which caused this regression.  This fix adds in the  
interface, which resolves the issue.                            
                                                                
The fix for this APAR is currently targeted for inclusion in fix
pack 18.0.0.1.  Please refer to the Recommended Updates page for
delivery information:                                           
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980   


Directions to apply fix:  
        1. Open a console and direct it to the location of your iFix jar
        2. Run the command "java -jar 17003-wlp-archive-IFPI94763.jar". The following launch options
        are available for the jar:

        --installLocation [LibertyRootDir] by default the jar will look for a "wlp" directory
        in its current location. If your Liberty profile install
        location is different to "wlp" and/or is not in the same
        directory as the jar then you can use this option to change
        where the jar will patch. [LibertyRootDir] can either be
        relative to the location of the jar or an absolute file path.

        --suppressInfo hides all messages other than confirming the
        patch has completed or error messages.

        3. Stop your Liberty profile server(s).
        4. When you next start your Liberty profile server(s), the fix will become active in your runtime.









Directions to remove fix:  
        1. Stop your Liberty profile server(s).
        2. You will need to delete the following files (file locations are
        relative to your Liberty profile install root):

         - lib/com.ibm.ws.org.apache.commons.fileupload.1.2.1_1.0.18.cl170320180309-1128.jar
         - lib/fixes/17003-wlp-archive-IFPI94763_17.0.0003.20180309_1450.xml
         - lib/fixes/17003-wlp-archive-IFPI94763_17.0.0003.20180309_1450.lpmf

        3. When you next start your Liberty profile server(s), the fix will become inactive in your runtime.









Directions to re-apply fix:  
        1. Follow the instructions to apply the fix.









Additional Information: