From: Markus Koschany
Date: Mon, 27 Jan 2020 19:40:57 +0100
Subject: CVE-2019-17570
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
---
 .../apache/xmlrpc/parser/XmlRpcResponseParser.java | 28 ++++++++++++----------
 1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java b/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
index 087572b..f1b2427 100644
--- a/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
+++ b/common/src/main/java/org/apache/xmlrpc/parser/XmlRpcResponseParser.java
@@ -69,19 +69,21 @@ public class XmlRpcResponseParser extends RecursiveTypeParserImpl {
 getDocumentLocator());
 }
 errorMessage = (String) map.get("faultString");
- Object exception = map.get("faultCause");
- if (exception != null) {
- try {
- byte[] bytes = (byte[]) exception;
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
- ObjectInputStream ois = new ObjectInputStream(bais);
- errorCause = (Throwable) ois.readObject();
- ois.close();
- bais.close();
- } catch (Throwable t) {
- // Ignore me
- }
- }
+ if (((XmlRpcStreamRequestConfig)cfg).isEnabledForExceptions()) {
+ Object exception = map.get("faultCause");
+ if (exception != null) {
+ try {
+ byte[] bytes = (byte[]) exception;
+ ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
+ ObjectInputStream ois = new ObjectInputStream(bais);
+ errorCause = (Throwable) ois.readObject();
+ ois.close();
+ bais.close();
+ } catch (Throwable t) {
+ // Ignore me
+ }
+ }
+ }
 }
 }
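Review bot: When `isEnabledForExceptions()` returns true, the `faultCause` bytes taken from the response still go straight into `ObjectInputStream.readObject()` with no class restriction, so the new guard protects only clients that leave the option off and changes nothing for those that turn it on. On runtimes that provide `ObjectInputFilter`, install an allow-list before the read, e.g. `ois.setObjectInputFilter(filter);` placed ahead of `errorCause = (Throwable) ois.readObject();` (`filter` is a placeholder for the project's chosen allow-list). The new `if` also deserves a comment such as `// faultCause is Java-serialized data from the peer; only deserialize it when the server is trusted and enabledForExceptions is set.` The cast `(XmlRpcStreamRequestConfig)cfg` is unchecked in the visible lines; if `cfg` can hold another config type (its declaration is outside the hunk), an `instanceof` test in the condition would avoid a `ClassCastException`. The enclosing method starts and ends outside the hunk.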