[jira] Updated: (DIRMINA-454) Trivial denial of service in TextLineDecoder

[Trustin Lee (JIRA)]

     [ 
https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Trustin Lee updated DIRMINA-454:
--------------------------------

        Fix Version/s: 1.0.7
                       1.1.4
             Assignee: Trustin Lee
    Affects Version/s:     (was: 1.1.2)
                       1.0.6
                       1.1.3

> Trivial denial of service in TextLineDecoder
> --------------------------------------------
>
>                 Key: DIRMINA-454
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-454
>             Project: MINA
>          Issue Type: Bug
>          Components: Filter
>    Affects Versions: 1.0.6, 1.1.3
>            Reporter: Owen Jacobson
>            Assignee: Trustin Lee
>             Fix For: 1.1.4, 1.0.7
>
>         Attachments: no-dos.patch
>
>
> In both of TextLineDecoder's decoding methods, the decoder only checks the 
> size of input after it's found at least one line ending character.  
> Infinitely long streams of, say, 'y's will cause the decoder to try to buffer 
> up data until the JVM falls over.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.