[ https://issues.apache.org/jira/browse/DIRMINA-454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Owen Jacobson closed DIRMINA-454. --------------------------------- I finally got a chance to test this out -- it works great! I had a look at the code, and if I understand what it's doing it's good enough for my purposes. You might want to document the exact semantics of the line length limit in the javadocs somewhere; they're a little vague right now. > Trivial denial of service in TextLineDecoder > -------------------------------------------- > > Key: DIRMINA-454 > URL: https://issues.apache.org/jira/browse/DIRMINA-454 > Project: MINA > Issue Type: Bug > Components: Filter > Affects Versions: 1.0.6, 1.1.3 > Reporter: Owen Jacobson > Assignee: Trustin Lee > Fix For: 1.0.7, 1.1.4 > > Attachments: no-dos.patch > > > In both of TextLineDecoder's decoding methods, the decoder only checks the > size of input after it's found at least one line ending character. > Infinitely long streams of, say, 'y's will cause the decoder to try to buffer > up data until the JVM falls over. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.