[ https://issues.apache.org/jira/browse/PROTON-1249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15359138#comment-15359138 ]
Justin Ross commented on PROTON-1249:
-------------------------------------

Reviewed by Robbie. Approved for 0.13.1.

> proton-j: unsafe type initialisations
> -------------------------------------
>
> Key: PROTON-1249
> URL: https://issues.apache.org/jira/browse/PROTON-1249
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-j
> Affects Versions: 0.12.2
> Reporter: Dominic Evans
> Assignee: Dominic Evans
> Labels: proton-j, security
> Fix For: 0.13.1
>
>
> In #readValue() for ArrayType, BinaryType, ListType and MapType
> decoding, if the 'count' specified is very large then it is likely to
> trigger an OutOfMemoryException. As these can come from an external data
> source, during the SASL init for example, there is a potential for a
> denial of service. The fix is to throw an IllegalArgumentException if
> the count value is larger than the amount of data available in the
> received bytes.
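
The check described in the issue, shown on a simplified length-prefixed binary value. This is an added example, not part of the original message and not proton-j's code: the class name, method names and the 4-byte size prefix are assumptions made for illustration.

```java
import java.nio.ByteBuffer;

// Added illustration; class and method names are hypothetical, not proton-j's.
public class BoundedDecode {

    // Pattern the issue describes: the allocation is sized by a field the peer controls.
    static byte[] readBinaryUnchecked(ByteBuffer in) {
        int size = in.getInt();
        byte[] data = new byte[size];   // a few received bytes can request a huge array
        in.get(data);
        return data;
    }

    // Fixed pattern: a declared size may never exceed the bytes actually received.
    static byte[] readBinaryChecked(ByteBuffer in) {
        if (in.remaining() < 4) {
            throw new IllegalArgumentException("truncated size field");
        }
        int size = in.getInt();
        // A negative value covers unsigned sizes above Integer.MAX_VALUE.
        if (size < 0 || size > in.remaining()) {
            throw new IllegalArgumentException(
                "declared size " + size + " exceeds " + in.remaining() + " bytes available");
        }
        byte[] data = new byte[size];   // bounded by the input length
        in.get(data);
        return data;
    }

    public static void main(String[] args) {
        // Constructed input: size 3 followed by exactly 3 bytes.
        ByteBuffer good = ByteBuffer.wrap(new byte[] {0, 0, 0, 3, 'a', 'b', 'c'});
        System.out.println("decoded " + readBinaryChecked(good).length + " bytes");

        // Constructed input: size field claims 0x7fffffff but only 1 byte follows.
        ByteBuffer bad = ByteBuffer.wrap(
            new byte[] {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff, 0});
        try {
            readBinaryChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same comparison applies to element counts for arrays, lists and maps, since every encoded element occupies at least one byte of the remaining input.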