[
https://issues.apache.org/jira/browse/PROTON-1249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15359138#comment-15359138
]
Justin Ross commented on PROTON-1249:
-------------------------------------
Reviewed by Robbie. Approved for 0.13.1.
> proton-j: unsafe type initialisations
> -------------------------------------
>
> Key: PROTON-1249
> URL: https://issues.apache.org/jira/browse/PROTON-1249
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-j
> Affects Versions: 0.12.2
> Reporter: Dominic Evans
> Assignee: Dominic Evans
> Labels: proton-j, security
> Fix For: 0.13.1
>
>
> In #readValue() for ArrayType, BinaryType, ListType and MapType
> decoding, if the 'count' specified is very large then it is likely to
> trigger an OutOfMemoryException. As these can come from an external data
> source, during the SASL init for example, there is a potential for a
> denial of service. The fix is to throw an IllegalArgumentException if
> the count value is larger than the amount of data available in the
> received bytes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
